2019-11-29 06:59:40 -05:00
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
2017-01-30 08:30:02 -05:00
package api4
import (
2024-10-23 18:47:11 -04:00
"bytes"
2023-06-06 17:29:29 -04:00
"context"
2025-10-22 17:03:33 -04:00
"crypto/sha256"
"encoding/base64"
2021-09-01 08:43:12 -04:00
"encoding/json"
2019-04-15 12:40:14 -04:00
"fmt"
2024-10-23 18:47:11 -04:00
"image/png"
2023-03-16 12:50:00 -04:00
"io"
2017-01-30 08:30:02 -05:00
"net/http"
2022-07-26 10:47:09 -04:00
"net/url"
2021-01-13 05:42:35 -05:00
"os"
2019-06-11 15:09:00 -04:00
"regexp"
2019-01-31 14:39:02 -05:00
"strings"
2017-01-30 08:30:02 -05:00
"testing"
2017-05-10 07:46:52 -04:00
"time"
2017-01-30 08:30:02 -05:00
2019-03-04 09:27:59 -05:00
"github.com/dgryski/dgoogauth"
2025-03-12 18:22:03 -04:00
"github.com/golang/mock/gomock"
2021-01-07 12:12:43 -05:00
"github.com/stretchr/testify/assert"
2021-03-22 14:02:16 -04:00
"github.com/stretchr/testify/mock"
2021-01-07 12:12:43 -05:00
"github.com/stretchr/testify/require"
2023-06-11 01:24:35 -04:00
"github.com/mattermost/mattermost/server/public/model"
2024-06-25 09:26:08 -04:00
"github.com/mattermost/mattermost/server/public/shared/request"
2023-06-11 01:24:35 -04:00
"github.com/mattermost/mattermost/server/v8/channels/app"
"github.com/mattermost/mattermost/server/v8/channels/utils/testutils"
"github.com/mattermost/mattermost/server/v8/einterfaces/mocks"
"github.com/mattermost/mattermost/server/v8/platform/shared/mail"
2021-05-11 06:00:44 -04:00
2023-06-11 01:24:35 -04:00
_ "github.com/mattermost/mattermost/server/v8/channels/app/oauthproviders/gitlab"
2017-01-30 08:30:02 -05:00
)
func TestCreateUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2018-07-11 06:58:16 -04:00
2020-10-27 05:41:20 -04:00
user := model . User {
2024-07-16 13:39:47 -04:00
Id : model . NewId ( ) ,
Email : th . GenerateTestEmail ( ) ,
Nickname : "Corey Hulen" ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2024-07-16 13:39:47 -04:00
Username : GenerateTestUsername ( ) ,
}
_ , resp , err := th . Client . CreateUser ( context . Background ( ) , & user )
require . Error ( t , err )
CheckBadRequestStatus ( t , resp )
user = model . User {
Email : th . GenerateTestEmail ( ) ,
Nickname : "Corey Hulen" ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2024-07-16 13:39:47 -04:00
Username : GenerateTestUsername ( ) ,
Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId ,
EmailVerified : true ,
DeleteAt : 1 ,
CreateAt : 1 ,
UpdateAt : 1 ,
LastActivityAt : 1 ,
2020-10-27 05:41:20 -04:00
}
2017-01-30 08:30:02 -05:00
2023-06-06 17:29:29 -04:00
ruser , resp , err := th . Client . CreateUser ( context . Background ( ) , & user )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-31 09:56:20 -04:00
CheckCreatedStatus ( t , resp )
2020-10-27 05:41:20 -04:00
// Creating a user as a regular user with verified flag should not verify the new user.
require . False ( t , ruser . EmailVerified )
2017-01-30 08:30:02 -05:00
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2017-01-30 08:30:02 -05:00
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Nickname , ruser . Nickname , "nickname didn't match" )
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . SystemUserRoleId , ruser . Roles , "did not clear roles" )
2023-06-30 10:10:10 -04:00
require . Equal ( t , int64 ( 0 ) , ruser . DeleteAt , "did not reset deleteAt" )
2024-07-16 13:39:47 -04:00
require . NotEqual ( t , user . UpdateAt , ruser . UpdateAt , "did not reset updateAt" )
require . NotEqual ( t , user . CreateAt , ruser . CreateAt , "did not reset createAt" )
require . NotEqual ( t , user . LastActivityAt , ruser . LastActivityAt , "did not reset LastActivityAt" )
2017-01-30 08:30:02 -05:00
CheckUserSanitization ( t , ruser )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . CreateUser ( context . Background ( ) , ruser )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-01-30 08:30:02 -05:00
CheckBadRequestStatus ( t , resp )
ruser . Id = ""
ruser . Username = GenerateTestUsername ( )
2026-04-08 15:49:43 -04:00
ruser . Password = model . NewTestPassword ( )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . CreateUser ( context . Background ( ) , ruser )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "app.user.save.email_exists.app_error" )
2017-01-30 08:30:02 -05:00
CheckBadRequestStatus ( t , resp )
2018-01-17 13:38:37 -05:00
ruser . Email = th . GenerateTestEmail ( )
2017-01-30 08:30:02 -05:00
ruser . Username = user . Username
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . CreateUser ( context . Background ( ) , ruser )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "app.user.save.username_exists.app_error" )
2017-01-30 08:30:02 -05:00
CheckBadRequestStatus ( t , resp )
ruser . Email = ""
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . CreateUser ( context . Background ( ) , ruser )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "model.user.is_valid.email.app_error" )
2017-01-30 08:30:02 -05:00
CheckBadRequestStatus ( t , resp )
2018-09-24 14:59:53 -04:00
ruser . Username = "testinvalid+++"
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . CreateUser ( context . Background ( ) , ruser )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "model.user.is_valid.username.app_error" )
2018-09-24 14:59:53 -04:00
CheckBadRequestStatus ( t , resp )
2017-10-18 18:36:43 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableOpenServer = false } )
2018-05-18 09:57:30 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableUserCreation = false } )
2017-03-29 21:05:32 -04:00
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2026-04-08 15:49:43 -04:00
user2 := & model . User { Email : th . GenerateTestEmail ( ) , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , EmailVerified : true }
2023-06-06 17:29:29 -04:00
ruser2 , _ , err2 := client . CreateUser ( context . Background ( ) , user2 )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err2 )
2020-10-27 05:41:20 -04:00
// Creating a user as sysadmin should verify the user with the EmailVerified flag.
require . True ( t , ruser2 . EmailVerified )
2017-03-03 12:04:15 -05:00
2023-06-06 17:29:29 -04:00
r , err2 := client . DoAPIPost ( context . Background ( ) , "/users" , "garbage" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err2 , "should have errored" )
2020-06-12 02:35:09 -04:00
assert . Equal ( t , http . StatusBadRequest , r . StatusCode )
} )
2021-06-30 12:05:02 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
email := th . GenerateTestEmail ( )
2026-04-08 15:49:43 -04:00
user2 := & model . User { Email : email , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , EmailVerified : true }
2023-06-06 17:29:29 -04:00
_ , _ , err = client . CreateUser ( context . Background ( ) , user2 )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-06-30 12:05:02 -04:00
_ , appErr := th . App . GetUserByUsername ( user2 . Username )
require . Nil ( t , appErr )
2026-04-08 15:49:43 -04:00
user3 := & model . User { Email : fmt . Sprintf ( " %s " , email ) , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , EmailVerified : true }
2023-06-06 17:29:29 -04:00
_ , resp , err = client . CreateUser ( context . Background ( ) , user3 )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2021-06-30 12:05:02 -04:00
CheckBadRequestStatus ( t , resp )
_ , appErr = th . App . GetUserByUsername ( user3 . Username )
require . NotNil ( t , appErr )
} , "Should not be able to create two users with the same email but spaces in it" )
2024-05-22 05:20:02 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
email := th . GenerateTestEmail ( )
newUser := & model . User {
Id : model . NewId ( ) ,
2024-08-05 23:45:00 -04:00
RemoteId : model . NewPointer ( model . NewId ( ) ) ,
2024-05-22 05:20:02 -04:00
Email : email ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2024-05-22 05:20:02 -04:00
Username : GenerateTestUsername ( ) ,
EmailVerified : true ,
}
_ , resp , err = client . CreateUser ( context . Background ( ) , newUser )
require . Error ( t , err )
require . ErrorContains ( t , err , "Must call update for existing user" )
CheckBadRequestStatus ( t , resp )
_ , appErr := th . App . GetUserByEmail ( email )
require . NotNil ( t , appErr )
newUser . Id = ""
_ , resp , err = client . CreateUser ( context . Background ( ) , newUser )
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
createdUser , appErr := th . App . GetUserByEmail ( email )
require . Nil ( t , appErr )
require . Zero ( t , * createdUser . RemoteId )
} , "Should not be able to define the RemoteID of a user through the API" )
2017-01-30 08:30:02 -05:00
}
2024-10-15 04:31:01 -04:00
func TestCreateUserPasswordValidation ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2024-10-15 04:31:01 -04:00
th := Setup ( t )
ruser := model . User {
Nickname : "Corey Hulen" ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2024-10-15 04:31:01 -04:00
Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId ,
EmailVerified : true ,
}
for name , tc := range map [ string ] struct {
Password string
Settings * model . PasswordSettings
ExpectedError string
} {
"Short" : {
2026-04-08 15:49:43 -04:00
Password : strings . Repeat ( "x" , model . PasswordFIPSMinimumLength ) ,
2024-10-15 04:31:01 -04:00
Settings : & model . PasswordSettings {
2026-04-08 15:49:43 -04:00
MinimumLength : model . NewPointer ( model . PasswordFIPSMinimumLength ) ,
2024-10-15 04:31:01 -04:00
Lowercase : model . NewPointer ( false ) ,
Uppercase : model . NewPointer ( false ) ,
Number : model . NewPointer ( false ) ,
Symbol : model . NewPointer ( false ) ,
} ,
} ,
"Long" : {
Password : strings . Repeat ( "x" , model . PasswordMaximumLength ) ,
Settings : & model . PasswordSettings {
Lowercase : model . NewPointer ( false ) ,
Uppercase : model . NewPointer ( false ) ,
Number : model . NewPointer ( false ) ,
Symbol : model . NewPointer ( false ) ,
} ,
} ,
"TooShort" : {
Password : strings . Repeat ( "x" , 2 ) ,
Settings : & model . PasswordSettings {
2026-04-08 15:49:43 -04:00
MinimumLength : model . NewPointer ( model . PasswordFIPSMinimumLength ) ,
2024-10-15 04:31:01 -04:00
Lowercase : model . NewPointer ( false ) ,
Uppercase : model . NewPointer ( false ) ,
Number : model . NewPointer ( false ) ,
Symbol : model . NewPointer ( false ) ,
} ,
ExpectedError : "model.user.is_valid.pwd_min_length.app_error" ,
} ,
"TooLong" : {
Password : strings . Repeat ( "x" , model . PasswordMaximumLength + 1 ) ,
Settings : & model . PasswordSettings {
Lowercase : model . NewPointer ( false ) ,
Uppercase : model . NewPointer ( false ) ,
Number : model . NewPointer ( false ) ,
Symbol : model . NewPointer ( false ) ,
} ,
ExpectedError : "model.user.is_valid.pwd_max_length.app_error" ,
} ,
"MissingLower" : {
Password : "AAAAAAAAAAASD123!@#" ,
Settings : & model . PasswordSettings {
Lowercase : model . NewPointer ( true ) ,
Uppercase : model . NewPointer ( false ) ,
Number : model . NewPointer ( false ) ,
Symbol : model . NewPointer ( false ) ,
} ,
ExpectedError : "model.user.is_valid.pwd_lowercase.app_error" ,
} ,
"MissingUpper" : {
Password : "aaaaaaaaaaaaasd123!@#" ,
Settings : & model . PasswordSettings {
Uppercase : model . NewPointer ( true ) ,
Lowercase : model . NewPointer ( false ) ,
Number : model . NewPointer ( false ) ,
Symbol : model . NewPointer ( false ) ,
} ,
ExpectedError : "model.user.is_valid.pwd_uppercase.app_error" ,
} ,
"MissingNumber" : {
Password : "asasdasdsadASD!@#" ,
Settings : & model . PasswordSettings {
Number : model . NewPointer ( true ) ,
Lowercase : model . NewPointer ( false ) ,
Uppercase : model . NewPointer ( false ) ,
Symbol : model . NewPointer ( false ) ,
} ,
ExpectedError : "model.user.is_valid.pwd_number.app_error" ,
} ,
"MissingSymbol" : {
Password : "asdasdasdasdasdASD123" ,
Settings : & model . PasswordSettings {
Symbol : model . NewPointer ( true ) ,
Lowercase : model . NewPointer ( false ) ,
Uppercase : model . NewPointer ( false ) ,
Number : model . NewPointer ( false ) ,
} ,
ExpectedError : "model.user.is_valid.pwd_symbol.app_error" ,
} ,
"MissingMultiple" : {
Password : "asdasdasdasdasdasd" ,
Settings : & model . PasswordSettings {
Lowercase : model . NewPointer ( true ) ,
Uppercase : model . NewPointer ( true ) ,
Number : model . NewPointer ( true ) ,
Symbol : model . NewPointer ( true ) ,
} ,
ExpectedError : "model.user.is_valid.pwd_uppercase_number_symbol.app_error" ,
} ,
"Everything" : {
2026-04-08 15:49:43 -04:00
Password : "asdASDasd!@#123" ,
2024-10-15 04:31:01 -04:00
Settings : & model . PasswordSettings {
Lowercase : model . NewPointer ( true ) ,
Uppercase : model . NewPointer ( true ) ,
Number : model . NewPointer ( true ) ,
Symbol : model . NewPointer ( true ) ,
} ,
} ,
} {
t . Run ( name , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { cfg . PasswordSettings = * tc . Settings } )
ruser . Email = th . GenerateTestEmail ( )
ruser . Password = tc . Password
ruser . Username = GenerateTestUsername ( )
if _ , resp , err := th . Client . CreateUser ( context . Background ( ) , & ruser ) ; tc . ExpectedError == "" {
assert . NoError ( t , err )
} else {
CheckErrorID ( t , err , tc . ExpectedError )
CheckBadRequestStatus ( t , resp )
}
} )
}
}
2023-03-16 12:50:00 -04:00
func TestCreateUserAudit ( t * testing . T ) {
logFile , err := os . CreateTemp ( "" , "adv.log" )
require . NoError ( t , err )
defer os . Remove ( logFile . Name ( ) )
options := [ ] app . Option { app . WithLicense ( model . NewTestLicense ( "advanced_logging" ) ) }
ci: enable fullyparallel mode for server tests (#35816)
* ci: enable fullyparallel mode for server tests
Replace os.Setenv, os.Chdir, and global state mutations with
parallel-safe alternatives (t.Setenv, t.Chdir, test hooks) across
37 files. Refactor GetLogRootPath and MM_INSTALL_TYPE to use
package-level test hooks instead of environment variables.
This enables gotestsum --fullparallel, allowing all test packages
to run with maximum parallelism within each shard.
Co-authored-by: Claude <claude@anthropic.com>
* ci: split fullyparallel from continue-on-error in workflow template
- Add new boolean input 'allow-failure' separate from 'fullyparallel'
- Change continue-on-error to use allow-failure instead of fullyparallel
- Update server-ci.yml to pass allow-failure: true for test coverage job
- Allows independent control of parallel execution and failure tolerance
Co-authored-by: Claude <claude@anthropic.com>
* fix: protect TestOverrideLogRootPath with sync.Mutex for parallel tests
- Replace global var TestOverrideLogRootPath with mutex-protected functions
- Add SetTestOverrideLogRootPath() and getTestOverrideLogRootPath() functions
- Update GetLogRootPath() to use thread-safe getter
- Update all test files to use SetTestOverrideLogRootPath() with t.Cleanup()
- Fixes race condition when running tests with t.Parallel()
Co-authored-by: Claude <claude@anthropic.com>
* fix: configure audit settings before server setup in tests
- Move ExperimentalAuditSettings from UpdateConfig() to config defaults
- Pass audit config via app.Config() option in SetupWithServerOptions()
- Fixes audit test setup ordering to configure BEFORE server initialization
- Resolves CodeRabbit's audit config timing issue in api4 tests
Co-authored-by: Claude <claude@anthropic.com>
* fix: implement SetTestOverrideLogRootPath mutex in logger.go
The previous commit updated test callers to use SetTestOverrideLogRootPath()
but didn't actually create the function in config/logger.go, causing build
failures across all CI shards. This commit:
- Replaces the exported var TestOverrideLogRootPath with mutex-protected
unexported state (testOverrideLogRootPath + testOverrideLogRootMu)
- Adds exported SetTestOverrideLogRootPath() setter
- Adds unexported getTestOverrideLogRootPath() getter
- Updates GetLogRootPath() to use the thread-safe getter
- Fixes log_test.go callers that were missed in the previous commit
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): use SetupConfig for access_control feature flag registration
InitAccessControlPolicy() checks FeatureFlags.AttributeBasedAccessControl
at route registration time during server startup. Setting the flag via
UpdateConfig after Setup() is too late — routes are never registered
and API calls return 404.
Use SetupConfig() to pass the feature flag in the initial config before
server startup, ensuring routes are properly registered.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore BurnOnRead flag state in TestRevealPost subtest
The 'feature not enabled' subtest disables BurnOnRead without restoring
it via t.Cleanup. Subsequent subtests inherit the disabled state, which
can cause 501 errors when they expect the feature to be available.
Add t.Cleanup to restore FeatureFlags.BurnOnRead = true after the
subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore EnableSharedChannelsMemberSync flag via t.Cleanup
The test disables EnableSharedChannelsMemberSync without restoring it.
If the subtest exits early (e.g., require failure), later sibling
subtests inherit a disabled flag and become flaky.
Add t.Cleanup to restore the flag after the subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* Fix test parallelism: use instance-scoped overrides and init-time audit config
Replace package-level test globals (TestOverrideInstallType,
SetTestOverrideLogRootPath) with fields on PlatformService so each test
gets its own instance without process-wide mutation. Fix three audit
tests (TestUserLoginAudit, TestLogoutAuditAuthStatus,
TestUpdatePasswordAudit) that configured the audit logger after server
init — the audit logger only reads config at startup, so pass audit
settings via app.Config() at init time instead.
Also revert the Go 1.24.13 downgrade and bump mattermost-govet to
v2.0.2 for Go 1.25.8 compatibility.
* Fix audit unit tests
* Fix MMCLOUDURL unit tests
* Fixed unit tests using MM_NOTIFY_ADMIN_COOL_OFF_DAYS
* Make app migrations idempotent for parallel test safety
Change System().Save() to System().SaveOrUpdate() in all migration
completion markers. When two parallel tests share a database pool entry,
both may race through the check-then-insert migration pattern. Save()
causes a duplicate key fatal crash; SaveOrUpdate() makes the second
write a harmless no-op.
* test: address review feedback on fullyparallel PR
- Use SetLogRootPathOverride() setter instead of direct field access
in platform/support_packet_test.go and platform/log_test.go (pvev)
- Restore TestGetLogRootPath in config/logger_test.go to keep
MM_LOG_PATH env var coverage; test uses t.Setenv so it runs
serially which is fine (pvev)
- Fix misleading comment in config_test.go: code uses t.Setenv,
not os.Setenv (jgheithcock)
Co-authored-by: Claude <claude@anthropic.com>
* fix: add missing os import in post_test.go
The os import was dropped during a merge conflict resolution while
burn-on-read shared channel tests from master still use os.Setenv.
Co-authored-by: Claude <claude@anthropic.com>
---------
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: wiggin77 <wiggin77@warpmail.net>
Co-authored-by: Mattermost Build <build@mattermost.com>
2026-04-08 20:48:36 -04:00
th := SetupWithServerOptionsAndConfig ( t , options , func ( cfg * model . Config ) {
cfg . ExperimentalAuditSettings . FileEnabled = model . NewPointer ( true )
cfg . ExperimentalAuditSettings . FileName = model . NewPointer ( logFile . Name ( ) )
} )
2023-03-16 12:50:00 -04:00
email := th . GenerateTestEmail ( )
user := model . User {
Email : email ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2023-03-16 12:50:00 -04:00
Username : GenerateTestUsername ( ) ,
}
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUser ( context . Background ( ) , & user )
2023-03-16 12:50:00 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
// Forcing a flush before attempting to read log's content.
err = th . Server . Audit . Flush ( )
require . NoError ( t , err )
require . NoError ( t , logFile . Sync ( ) )
data , err := io . ReadAll ( logFile )
require . NoError ( t , err )
require . NotEmpty ( t , data )
require . Contains ( t , string ( data ) , email )
2026-04-08 15:49:43 -04:00
require . NotContains ( t , string ( data ) , user . Password )
2024-07-08 18:56:54 -04:00
}
func TestUserLoginAudit ( t * testing . T ) {
logFile , err := os . CreateTemp ( "" , "adv.log" )
require . NoError ( t , err )
defer os . Remove ( logFile . Name ( ) )
options := [ ] app . Option { app . WithLicense ( model . NewTestLicense ( "advanced_logging" ) ) }
ci: enable fullyparallel mode for server tests (#35816)
* ci: enable fullyparallel mode for server tests
Replace os.Setenv, os.Chdir, and global state mutations with
parallel-safe alternatives (t.Setenv, t.Chdir, test hooks) across
37 files. Refactor GetLogRootPath and MM_INSTALL_TYPE to use
package-level test hooks instead of environment variables.
This enables gotestsum --fullparallel, allowing all test packages
to run with maximum parallelism within each shard.
Co-authored-by: Claude <claude@anthropic.com>
* ci: split fullyparallel from continue-on-error in workflow template
- Add new boolean input 'allow-failure' separate from 'fullyparallel'
- Change continue-on-error to use allow-failure instead of fullyparallel
- Update server-ci.yml to pass allow-failure: true for test coverage job
- Allows independent control of parallel execution and failure tolerance
Co-authored-by: Claude <claude@anthropic.com>
* fix: protect TestOverrideLogRootPath with sync.Mutex for parallel tests
- Replace global var TestOverrideLogRootPath with mutex-protected functions
- Add SetTestOverrideLogRootPath() and getTestOverrideLogRootPath() functions
- Update GetLogRootPath() to use thread-safe getter
- Update all test files to use SetTestOverrideLogRootPath() with t.Cleanup()
- Fixes race condition when running tests with t.Parallel()
Co-authored-by: Claude <claude@anthropic.com>
* fix: configure audit settings before server setup in tests
- Move ExperimentalAuditSettings from UpdateConfig() to config defaults
- Pass audit config via app.Config() option in SetupWithServerOptions()
- Fixes audit test setup ordering to configure BEFORE server initialization
- Resolves CodeRabbit's audit config timing issue in api4 tests
Co-authored-by: Claude <claude@anthropic.com>
* fix: implement SetTestOverrideLogRootPath mutex in logger.go
The previous commit updated test callers to use SetTestOverrideLogRootPath()
but didn't actually create the function in config/logger.go, causing build
failures across all CI shards. This commit:
- Replaces the exported var TestOverrideLogRootPath with mutex-protected
unexported state (testOverrideLogRootPath + testOverrideLogRootMu)
- Adds exported SetTestOverrideLogRootPath() setter
- Adds unexported getTestOverrideLogRootPath() getter
- Updates GetLogRootPath() to use the thread-safe getter
- Fixes log_test.go callers that were missed in the previous commit
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): use SetupConfig for access_control feature flag registration
InitAccessControlPolicy() checks FeatureFlags.AttributeBasedAccessControl
at route registration time during server startup. Setting the flag via
UpdateConfig after Setup() is too late — routes are never registered
and API calls return 404.
Use SetupConfig() to pass the feature flag in the initial config before
server startup, ensuring routes are properly registered.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore BurnOnRead flag state in TestRevealPost subtest
The 'feature not enabled' subtest disables BurnOnRead without restoring
it via t.Cleanup. Subsequent subtests inherit the disabled state, which
can cause 501 errors when they expect the feature to be available.
Add t.Cleanup to restore FeatureFlags.BurnOnRead = true after the
subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore EnableSharedChannelsMemberSync flag via t.Cleanup
The test disables EnableSharedChannelsMemberSync without restoring it.
If the subtest exits early (e.g., require failure), later sibling
subtests inherit a disabled flag and become flaky.
Add t.Cleanup to restore the flag after the subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* Fix test parallelism: use instance-scoped overrides and init-time audit config
Replace package-level test globals (TestOverrideInstallType,
SetTestOverrideLogRootPath) with fields on PlatformService so each test
gets its own instance without process-wide mutation. Fix three audit
tests (TestUserLoginAudit, TestLogoutAuditAuthStatus,
TestUpdatePasswordAudit) that configured the audit logger after server
init — the audit logger only reads config at startup, so pass audit
settings via app.Config() at init time instead.
Also revert the Go 1.24.13 downgrade and bump mattermost-govet to
v2.0.2 for Go 1.25.8 compatibility.
* Fix audit unit tests
* Fix MMCLOUDURL unit tests
* Fixed unit tests using MM_NOTIFY_ADMIN_COOL_OFF_DAYS
* Make app migrations idempotent for parallel test safety
Change System().Save() to System().SaveOrUpdate() in all migration
completion markers. When two parallel tests share a database pool entry,
both may race through the check-then-insert migration pattern. Save()
causes a duplicate key fatal crash; SaveOrUpdate() makes the second
write a harmless no-op.
* test: address review feedback on fullyparallel PR
- Use SetLogRootPathOverride() setter instead of direct field access
in platform/support_packet_test.go and platform/log_test.go (pvev)
- Restore TestGetLogRootPath in config/logger_test.go to keep
MM_LOG_PATH env var coverage; test uses t.Setenv so it runs
serially which is fine (pvev)
- Fix misleading comment in config_test.go: code uses t.Setenv,
not os.Setenv (jgheithcock)
Co-authored-by: Claude <claude@anthropic.com>
* fix: add missing os import in post_test.go
The os import was dropped during a merge conflict resolution while
burn-on-read shared channel tests from master still use os.Setenv.
Co-authored-by: Claude <claude@anthropic.com>
---------
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: wiggin77 <wiggin77@warpmail.net>
Co-authored-by: Mattermost Build <build@mattermost.com>
2026-04-08 20:48:36 -04:00
th := SetupWithServerOptionsAndConfig ( t , options , func ( cfg * model . Config ) {
cfg . ExperimentalAuditSettings . FileEnabled = model . NewPointer ( true )
cfg . ExperimentalAuditSettings . FileName = model . NewPointer ( logFile . Name ( ) )
} )
2025-11-12 07:00:51 -05:00
2024-07-08 18:56:54 -04:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
user , resp , err := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
assert . Equal ( t , th . BasicUser . Id , user . Id )
sess , resp , err := th . Client . GetSessions ( context . Background ( ) , user . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
assert . Len ( t , sess , 1 )
assert . Equal ( t , th . BasicUser . Id , sess [ 0 ] . UserId )
// Forcing a flush before attempting to read log's content.
err = th . Server . Audit . Flush ( )
require . NoError ( t , err )
require . NoError ( t , logFile . Sync ( ) )
data , err := io . ReadAll ( logFile )
require . NoError ( t , err )
require . NotEmpty ( t , data )
// ensure we are auditing the user_id and session_id
2026-02-10 15:12:14 -05:00
entry := FindAuditEntry ( string ( data ) , "login" , user . Id )
require . NotNil ( t , entry , "should find a login audit entry for user %s" , user . Id )
assert . Equal ( t , "success" , entry . Status )
assert . Equal ( t , user . Id , entry . UserID )
assert . Equal ( t , sess [ 0 ] . Id , entry . SessionID )
}
func TestLogoutAuditAuthStatus ( t * testing . T ) {
logFile , err := os . CreateTemp ( "" , "logout_audit.log" )
require . NoError ( t , err )
defer os . Remove ( logFile . Name ( ) )
options := [ ] app . Option { app . WithLicense ( model . NewTestLicense ( "advanced_logging" ) ) }
ci: enable fullyparallel mode for server tests (#35816)
* ci: enable fullyparallel mode for server tests
Replace os.Setenv, os.Chdir, and global state mutations with
parallel-safe alternatives (t.Setenv, t.Chdir, test hooks) across
37 files. Refactor GetLogRootPath and MM_INSTALL_TYPE to use
package-level test hooks instead of environment variables.
This enables gotestsum --fullparallel, allowing all test packages
to run with maximum parallelism within each shard.
Co-authored-by: Claude <claude@anthropic.com>
* ci: split fullyparallel from continue-on-error in workflow template
- Add new boolean input 'allow-failure' separate from 'fullyparallel'
- Change continue-on-error to use allow-failure instead of fullyparallel
- Update server-ci.yml to pass allow-failure: true for test coverage job
- Allows independent control of parallel execution and failure tolerance
Co-authored-by: Claude <claude@anthropic.com>
* fix: protect TestOverrideLogRootPath with sync.Mutex for parallel tests
- Replace global var TestOverrideLogRootPath with mutex-protected functions
- Add SetTestOverrideLogRootPath() and getTestOverrideLogRootPath() functions
- Update GetLogRootPath() to use thread-safe getter
- Update all test files to use SetTestOverrideLogRootPath() with t.Cleanup()
- Fixes race condition when running tests with t.Parallel()
Co-authored-by: Claude <claude@anthropic.com>
* fix: configure audit settings before server setup in tests
- Move ExperimentalAuditSettings from UpdateConfig() to config defaults
- Pass audit config via app.Config() option in SetupWithServerOptions()
- Fixes audit test setup ordering to configure BEFORE server initialization
- Resolves CodeRabbit's audit config timing issue in api4 tests
Co-authored-by: Claude <claude@anthropic.com>
* fix: implement SetTestOverrideLogRootPath mutex in logger.go
The previous commit updated test callers to use SetTestOverrideLogRootPath()
but didn't actually create the function in config/logger.go, causing build
failures across all CI shards. This commit:
- Replaces the exported var TestOverrideLogRootPath with mutex-protected
unexported state (testOverrideLogRootPath + testOverrideLogRootMu)
- Adds exported SetTestOverrideLogRootPath() setter
- Adds unexported getTestOverrideLogRootPath() getter
- Updates GetLogRootPath() to use the thread-safe getter
- Fixes log_test.go callers that were missed in the previous commit
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): use SetupConfig for access_control feature flag registration
InitAccessControlPolicy() checks FeatureFlags.AttributeBasedAccessControl
at route registration time during server startup. Setting the flag via
UpdateConfig after Setup() is too late — routes are never registered
and API calls return 404.
Use SetupConfig() to pass the feature flag in the initial config before
server startup, ensuring routes are properly registered.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore BurnOnRead flag state in TestRevealPost subtest
The 'feature not enabled' subtest disables BurnOnRead without restoring
it via t.Cleanup. Subsequent subtests inherit the disabled state, which
can cause 501 errors when they expect the feature to be available.
Add t.Cleanup to restore FeatureFlags.BurnOnRead = true after the
subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore EnableSharedChannelsMemberSync flag via t.Cleanup
The test disables EnableSharedChannelsMemberSync without restoring it.
If the subtest exits early (e.g., require failure), later sibling
subtests inherit a disabled flag and become flaky.
Add t.Cleanup to restore the flag after the subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* Fix test parallelism: use instance-scoped overrides and init-time audit config
Replace package-level test globals (TestOverrideInstallType,
SetTestOverrideLogRootPath) with fields on PlatformService so each test
gets its own instance without process-wide mutation. Fix three audit
tests (TestUserLoginAudit, TestLogoutAuditAuthStatus,
TestUpdatePasswordAudit) that configured the audit logger after server
init — the audit logger only reads config at startup, so pass audit
settings via app.Config() at init time instead.
Also revert the Go 1.24.13 downgrade and bump mattermost-govet to
v2.0.2 for Go 1.25.8 compatibility.
* Fix audit unit tests
* Fix MMCLOUDURL unit tests
* Fixed unit tests using MM_NOTIFY_ADMIN_COOL_OFF_DAYS
* Make app migrations idempotent for parallel test safety
Change System().Save() to System().SaveOrUpdate() in all migration
completion markers. When two parallel tests share a database pool entry,
both may race through the check-then-insert migration pattern. Save()
causes a duplicate key fatal crash; SaveOrUpdate() makes the second
write a harmless no-op.
* test: address review feedback on fullyparallel PR
- Use SetLogRootPathOverride() setter instead of direct field access
in platform/support_packet_test.go and platform/log_test.go (pvev)
- Restore TestGetLogRootPath in config/logger_test.go to keep
MM_LOG_PATH env var coverage; test uses t.Setenv so it runs
serially which is fine (pvev)
- Fix misleading comment in config_test.go: code uses t.Setenv,
not os.Setenv (jgheithcock)
Co-authored-by: Claude <claude@anthropic.com>
* fix: add missing os import in post_test.go
The os import was dropped during a merge conflict resolution while
burn-on-read shared channel tests from master still use os.Setenv.
Co-authored-by: Claude <claude@anthropic.com>
---------
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: wiggin77 <wiggin77@warpmail.net>
Co-authored-by: Mattermost Build <build@mattermost.com>
2026-04-08 20:48:36 -04:00
th := SetupWithServerOptionsAndConfig ( t , options , func ( cfg * model . Config ) {
cfg . ExperimentalAuditSettings . FileEnabled = model . NewPointer ( true )
cfg . ExperimentalAuditSettings . FileName = model . NewPointer ( logFile . Name ( ) )
} )
2026-02-10 15:12:14 -05:00
t . Run ( "authenticated logout has auth_status=authenticated and user_id" , func ( t * testing . T ) {
require . NoError ( t , logFile . Truncate ( 0 ) )
_ , err := logFile . Seek ( 0 , 0 )
require . NoError ( t , err )
// Login first to get a valid session
user , resp , err := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
// Logout with valid token
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
err = th . Server . Audit . Flush ( )
require . NoError ( t , err )
require . NoError ( t , logFile . Sync ( ) )
data , err := io . ReadAll ( logFile )
require . NoError ( t , err )
require . NotEmpty ( t , data )
// Find the logout event for this specific user
entry := FindAuditEntry ( string ( data ) , "logout" , user . Id )
require . NotNil ( t , entry , "should find a logout audit entry for user %s" , user . Id )
assert . Equal ( t , "authenticated" , entry . Parameters [ "auth_status" ] ,
"logout event for user %s should have auth_status=authenticated" , user . Id )
} )
t . Run ( "invalid token logout has auth_status=token_invalid" , func ( t * testing . T ) {
require . NoError ( t , logFile . Truncate ( 0 ) )
_ , err := logFile . Seek ( 0 , 0 )
require . NoError ( t , err )
// Create a client with an invalid token
invalidClient := model . NewAPIv4Client ( th . Client . URL )
invalidClient . SetToken ( "invalid_token_12345" )
// Logout with invalid token - should still return OK (idempotent)
_ , err = invalidClient . Logout ( context . Background ( ) )
require . NoError ( t , err )
err = th . Server . Audit . Flush ( )
require . NoError ( t , err )
require . NoError ( t , logFile . Sync ( ) )
data , err := io . ReadAll ( logFile )
require . NoError ( t , err )
require . NotEmpty ( t , data )
// Find the logout event (no user ID for invalid token)
entry := FindAuditEntry ( string ( data ) , "logout" , "" )
require . NotNil ( t , entry , "should find a logout audit entry" )
assert . Equal ( t , "token_invalid" , entry . Parameters [ "auth_status" ] )
} )
t . Run ( "no token logout has auth_status=no_token" , func ( t * testing . T ) {
require . NoError ( t , logFile . Truncate ( 0 ) )
_ , err := logFile . Seek ( 0 , 0 )
require . NoError ( t , err )
// Create a client with no token
noTokenClient := model . NewAPIv4Client ( th . Client . URL )
// Logout with no token - should still return OK (idempotent)
_ , err = noTokenClient . Logout ( context . Background ( ) )
require . NoError ( t , err )
err = th . Server . Audit . Flush ( )
require . NoError ( t , err )
require . NoError ( t , logFile . Sync ( ) )
data , err := io . ReadAll ( logFile )
require . NoError ( t , err )
require . NotEmpty ( t , data )
// Find the logout event (no user ID for no token)
entry := FindAuditEntry ( string ( data ) , "logout" , "" )
require . NotNil ( t , entry , "should find a logout audit entry" )
assert . Equal ( t , "no_token" , entry . Parameters [ "auth_status" ] )
} )
2023-03-16 12:50:00 -04:00
}
2019-08-27 04:39:01 -04:00
func TestCreateUserInputFilter ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2019-08-27 04:39:01 -04:00
t . Run ( "DomainRestriction" , func ( t * testing . T ) {
2020-07-31 10:38:31 -04:00
enableAPIUserDeletion := th . App . Config ( ) . ServiceSettings . EnableAPIUserDeletion
2019-08-27 04:39:01 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . TeamSettings . EnableOpenServer = true
* cfg . TeamSettings . EnableUserCreation = true
* cfg . TeamSettings . RestrictCreationToDomains = "mattermost.com"
2020-07-31 10:38:31 -04:00
* cfg . ServiceSettings . EnableAPIUserDeletion = true
2019-08-27 04:39:01 -04:00
} )
defer th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . TeamSettings . RestrictCreationToDomains = ""
2020-07-31 10:38:31 -04:00
* cfg . ServiceSettings . EnableAPIUserDeletion = * enableAPIUserDeletion
2019-08-27 04:39:01 -04:00
} )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2026-04-08 15:49:43 -04:00
user := & model . User { Email : "foobar+testdomainrestriction@mattermost.com" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) }
2023-06-06 17:29:29 -04:00
u , _ , err := client . CreateUser ( context . Background ( ) , user ) // we need the returned created user to use its Id for deletion.
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , err = client . PermanentDeleteUser ( context . Background ( ) , u . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
} , "ValidUser" )
2019-08-27 04:39:01 -04:00
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2026-04-08 15:49:43 -04:00
user := & model . User { Email : "foobar+testdomainrestriction@mattermost.org" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) }
2023-06-06 17:29:29 -04:00
_ , resp , err := client . CreateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-08-27 04:39:01 -04:00
CheckBadRequestStatus ( t , resp )
2020-06-12 02:35:09 -04:00
} , "InvalidEmail" )
2019-11-07 14:12:37 -05:00
t . Run ( "ValidAuthServiceFilter" , func ( t * testing . T ) {
2020-06-12 02:35:09 -04:00
t . Run ( "SystemAdminClient" , func ( t * testing . T ) {
user := & model . User {
Email : "foobar+testdomainrestriction@mattermost.org" ,
Username : GenerateTestUsername ( ) ,
AuthService : "ldap" ,
2024-08-05 23:45:00 -04:00
AuthData : model . NewPointer ( "999099" ) ,
2020-06-12 02:35:09 -04:00
}
2023-06-06 17:29:29 -04:00
u , _ , err := th . SystemAdminClient . CreateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , err = th . SystemAdminClient . PermanentDeleteUser ( context . Background ( ) , u . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
} )
t . Run ( "LocalClient" , func ( t * testing . T ) {
user := & model . User {
Email : "foobar+testdomainrestrictionlocalclient@mattermost.org" ,
Username : GenerateTestUsername ( ) ,
AuthService : "ldap" ,
2024-08-05 23:45:00 -04:00
AuthData : model . NewPointer ( "999100" ) ,
2020-06-12 02:35:09 -04:00
}
2023-06-06 17:29:29 -04:00
u , _ , err := th . LocalClient . CreateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , err = th . LocalClient . PermanentDeleteUser ( context . Background ( ) , u . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
} )
2019-11-07 14:12:37 -05:00
} )
2019-08-27 04:39:01 -04:00
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2026-04-08 15:49:43 -04:00
user := & model . User { Email : "foobar+testdomainrestriction@mattermost.org" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , AuthService : "ldap" }
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-08-27 04:39:01 -04:00
CheckBadRequestStatus ( t , resp )
2020-06-12 02:35:09 -04:00
} , "InvalidAuthServiceFilter" )
2019-08-27 04:39:01 -04:00
} )
t . Run ( "Roles" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . TeamSettings . EnableOpenServer = true
* cfg . TeamSettings . EnableUserCreation = true
* cfg . TeamSettings . RestrictCreationToDomains = ""
2020-07-31 10:38:31 -04:00
* cfg . ServiceSettings . EnableAPIUserDeletion = true
2019-08-27 04:39:01 -04:00
} )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2020-07-31 10:38:31 -04:00
emailAddr := "foobar+testinvalidrole@mattermost.com"
2026-04-08 15:49:43 -04:00
user := & model . User { Email : emailAddr , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : "system_user system_admin" }
2023-06-06 17:29:29 -04:00
_ , _ , err := client . CreateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
ruser , appErr := th . App . GetUserByEmail ( emailAddr )
require . Nil ( t , appErr )
2019-08-27 04:39:01 -04:00
assert . NotEqual ( t , ruser . Roles , "system_user system_admin" )
2023-06-06 17:29:29 -04:00
_ , err = client . PermanentDeleteUser ( context . Background ( ) , ruser . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
} , "InvalidRole" )
2019-08-27 04:39:01 -04:00
} )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2019-08-27 04:39:01 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . TeamSettings . EnableOpenServer = true
* cfg . TeamSettings . EnableUserCreation = true
} )
2026-04-08 15:49:43 -04:00
user := & model . User { Id : "AAAAAAAAAAAAAAAAAAAAAAAAAA" , Email : "foobar+testinvalidid@mattermost.com" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : "system_user system_admin" }
2023-06-06 17:29:29 -04:00
_ , resp , err := client . CreateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-08-27 04:39:01 -04:00
CheckBadRequestStatus ( t , resp )
2020-06-12 02:35:09 -04:00
} , "InvalidId" )
2019-08-27 04:39:01 -04:00
}
2018-04-18 16:46:10 -04:00
func TestCreateUserWithToken ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-05-10 07:46:52 -04:00
2018-04-18 16:46:10 -04:00
t . Run ( "CreateWithTokenHappyPath" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2018-04-18 16:46:10 -04:00
token := model . NewToken (
2025-11-20 08:06:23 -05:00
model . TokenTypeTeamInvitation ,
2021-09-01 08:43:12 -04:00
model . MapToJSON ( map [ string ] string { "teamId" : th . BasicTeam . Id , "email" : user . Email } ) ,
2018-04-18 16:46:10 -04:00
)
2022-10-06 04:04:21 -04:00
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
2018-04-18 16:46:10 -04:00
2023-06-06 17:29:29 -04:00
ruser , resp , err := th . Client . CreateUserWithToken ( context . Background ( ) , & user , token . Token )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-05-10 07:46:52 -04:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Nickname , ruser . Nickname )
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . SystemUserRoleId , ruser . Roles , "should clear roles" )
2017-05-10 07:46:52 -04:00
CheckUserSanitization ( t , ruser )
2022-10-06 04:04:21 -04:00
_ , err = th . App . Srv ( ) . Store ( ) . Token ( ) . GetByToken ( token . Token )
2021-02-17 03:52:18 -05:00
require . Error ( t , err , "The token must be deleted after being used" )
2018-04-18 16:46:10 -04:00
2021-02-17 03:52:18 -05:00
teams , appErr := th . App . GetTeamsForUser ( ruser . Id )
require . Nil ( t , appErr )
2019-11-15 09:13:32 -05:00
require . NotEmpty ( t , teams , "The user must have teams" )
require . Equal ( t , th . BasicTeam . Id , teams [ 0 ] . Id , "The user joined team must be the team provided." )
2017-05-10 07:46:52 -04:00
} )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2020-06-12 02:35:09 -04:00
token := model . NewToken (
2025-11-20 08:06:23 -05:00
model . TokenTypeTeamInvitation ,
2021-09-01 08:43:12 -04:00
model . MapToJSON ( map [ string ] string { "teamId" : th . BasicTeam . Id , "email" : user . Email } ) ,
2020-06-12 02:35:09 -04:00
)
2022-10-06 04:04:21 -04:00
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
2020-06-12 02:35:09 -04:00
2023-06-06 17:29:29 -04:00
ruser , resp , err := client . CreateUserWithToken ( context . Background ( ) , & user , token . Token )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
require . Equal ( t , user . Nickname , ruser . Nickname )
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . SystemUserRoleId , ruser . Roles , "should clear roles" )
2020-06-12 02:35:09 -04:00
CheckUserSanitization ( t , ruser )
2022-10-06 04:04:21 -04:00
_ , err = th . App . Srv ( ) . Store ( ) . Token ( ) . GetByToken ( token . Token )
2021-02-17 03:52:18 -05:00
require . Error ( t , err , "The token must be deleted after being used" )
2020-06-12 02:35:09 -04:00
2021-02-17 03:52:18 -05:00
teams , appErr := th . App . GetTeamsForUser ( ruser . Id )
require . Nil ( t , appErr )
2020-06-12 02:35:09 -04:00
require . NotEmpty ( t , teams , "The user must have teams" )
require . Equal ( t , th . BasicTeam . Id , teams [ 0 ] . Id , "The user joined team must be the team provided." )
} , "CreateWithTokenHappyPath" )
2018-04-18 16:46:10 -04:00
t . Run ( "NoToken" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2018-04-18 16:46:10 -04:00
token := model . NewToken (
2025-11-20 08:06:23 -05:00
model . TokenTypeTeamInvitation ,
2021-09-01 08:43:12 -04:00
model . MapToJSON ( map [ string ] string { "teamId" : th . BasicTeam . Id , "email" : user . Email } ) ,
2018-04-18 16:46:10 -04:00
)
2022-10-06 04:04:21 -04:00
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . DeleteToken ( token )
require . Nil ( t , appErr )
} ( )
2018-04-18 16:46:10 -04:00
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . CreateUserWithToken ( context . Background ( ) , & user , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2025-10-07 06:19:21 -04:00
assert . ErrorContains ( t , err , "token ID is required" )
2017-05-10 07:46:52 -04:00
} )
2018-04-18 16:46:10 -04:00
t . Run ( "TokenExpired" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2017-05-10 07:46:52 -04:00
timeNow := time . Now ( )
past49Hours := timeNow . Add ( - 49 * time . Hour ) . UnixNano ( ) / int64 ( time . Millisecond )
2018-04-18 16:46:10 -04:00
token := model . NewToken (
2025-11-20 08:06:23 -05:00
model . TokenTypeTeamInvitation ,
2021-09-01 08:43:12 -04:00
model . MapToJSON ( map [ string ] string { "teamId" : th . BasicTeam . Id , "email" : user . Email } ) ,
2018-04-18 16:46:10 -04:00
)
token . CreateAt = past49Hours
2022-10-06 04:04:21 -04:00
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . DeleteToken ( token )
require . Nil ( t , appErr )
} ( )
2018-04-18 16:46:10 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUserWithToken ( context . Background ( ) , & user , token . Token )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2018-04-18 16:46:10 -04:00
CheckBadRequestStatus ( t , resp )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.create_user.signup_link_expired.app_error" )
2017-05-10 07:46:52 -04:00
} )
2018-04-18 16:46:10 -04:00
t . Run ( "WrongToken" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2018-04-18 16:46:10 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUserWithToken ( context . Background ( ) , & user , "wrong" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-09 03:16:27 -04:00
CheckNotFoundStatus ( t , resp )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.create_user.signup_link_invalid.app_error" )
2017-05-10 07:46:52 -04:00
} )
t . Run ( "EnableUserCreationDisable" , func ( t * testing . T ) {
2018-07-11 06:58:16 -04:00
enableUserCreation := th . App . Config ( ) . TeamSettings . EnableUserCreation
defer func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { cfg . TeamSettings . EnableUserCreation = enableUserCreation } )
} ( )
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2017-05-10 07:46:52 -04:00
2018-04-18 16:46:10 -04:00
token := model . NewToken (
2025-11-20 08:06:23 -05:00
model . TokenTypeTeamInvitation ,
2021-09-01 08:43:12 -04:00
model . MapToJSON ( map [ string ] string { "teamId" : th . BasicTeam . Id , "email" : user . Email } ) ,
2018-04-18 16:46:10 -04:00
)
2022-10-06 04:04:21 -04:00
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . DeleteToken ( token )
require . Nil ( t , appErr )
} ( )
2017-05-10 07:46:52 -04:00
2018-05-18 09:57:30 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableUserCreation = false } )
2017-05-10 07:46:52 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUserWithToken ( context . Background ( ) , & user , token . Token )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-05-10 07:46:52 -04:00
CheckNotImplementedStatus ( t , resp )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.create_user.signup_email_disabled.app_error" )
2017-05-10 07:46:52 -04:00
} )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
enableUserCreation := th . App . Config ( ) . TeamSettings . EnableUserCreation
defer th . App . UpdateConfig ( func ( cfg * model . Config ) { cfg . TeamSettings . EnableUserCreation = enableUserCreation } )
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2020-06-12 02:35:09 -04:00
token := model . NewToken (
2025-11-20 08:06:23 -05:00
model . TokenTypeTeamInvitation ,
2021-09-01 08:43:12 -04:00
model . MapToJSON ( map [ string ] string { "teamId" : th . BasicTeam . Id , "email" : user . Email } ) ,
2020-06-12 02:35:09 -04:00
)
2022-10-06 04:04:21 -04:00
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . DeleteToken ( token )
require . Nil ( t , appErr )
} ( )
2020-06-12 02:35:09 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableUserCreation = false } )
2023-06-06 17:29:29 -04:00
_ , resp , err := client . CreateUserWithToken ( context . Background ( ) , & user , token . Token )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-12 02:35:09 -04:00
CheckNotImplementedStatus ( t , resp )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.create_user.signup_email_disabled.app_error" )
2020-06-12 02:35:09 -04:00
} , "EnableUserCreationDisable" )
2017-05-10 07:46:52 -04:00
t . Run ( "EnableOpenServerDisable" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2017-05-10 07:46:52 -04:00
2018-04-18 16:46:10 -04:00
token := model . NewToken (
2025-11-20 08:06:23 -05:00
model . TokenTypeTeamInvitation ,
2021-09-01 08:43:12 -04:00
model . MapToJSON ( map [ string ] string { "teamId" : th . BasicTeam . Id , "email" : user . Email } ) ,
2018-04-18 16:46:10 -04:00
)
2022-10-06 04:04:21 -04:00
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
2017-05-10 07:46:52 -04:00
2018-07-11 06:58:16 -04:00
enableOpenServer := th . App . Config ( ) . TeamSettings . EnableOpenServer
defer func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { cfg . TeamSettings . EnableOpenServer = enableOpenServer } )
} ( )
2017-10-18 18:36:43 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableOpenServer = false } )
2017-05-10 07:46:52 -04:00
2023-06-06 17:29:29 -04:00
ruser , resp , err := th . Client . CreateUserWithToken ( context . Background ( ) , & user , token . Token )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-05-10 07:46:52 -04:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Nickname , ruser . Nickname )
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . SystemUserRoleId , ruser . Roles , "should clear roles" )
2017-05-10 07:46:52 -04:00
CheckUserSanitization ( t , ruser )
2022-10-06 04:04:21 -04:00
_ , err = th . App . Srv ( ) . Store ( ) . Token ( ) . GetByToken ( token . Token )
2021-02-17 03:52:18 -05:00
require . Error ( t , err , "The token must be deleted after be used" )
2017-05-10 07:46:52 -04:00
} )
2023-01-30 10:19:27 -05:00
t . Run ( "Validate inviter user has permissions on channels he is inviting" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemUserRoleId }
2023-01-30 10:19:27 -05:00
channelIdWithoutPermissions := th . BasicPrivateChannel2 . Id
channelIds := th . BasicChannel . Id + " " + channelIdWithoutPermissions
token := model . NewToken (
2025-11-20 08:06:23 -05:00
model . TokenTypeTeamInvitation ,
2023-01-30 10:19:27 -05:00
model . MapToJSON ( map [ string ] string { "teamId" : th . BasicTeam . Id , "email" : user . Email , "senderId" : th . BasicUser . Id , "channels" : channelIds } ) ,
)
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
2023-06-06 17:29:29 -04:00
ruser , resp , err := th . Client . CreateUserWithToken ( context . Background ( ) , & user , token . Token )
2023-01-30 10:19:27 -05:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2023-01-30 10:19:27 -05:00
require . Equal ( t , user . Nickname , ruser . Nickname )
require . Equal ( t , model . SystemUserRoleId , ruser . Roles , "should clear roles" )
CheckUserSanitization ( t , ruser )
_ , err = th . App . Srv ( ) . Store ( ) . Token ( ) . GetByToken ( token . Token )
require . Error ( t , err , "The token must be deleted after being used" )
teams , appErr := th . App . GetTeamsForUser ( ruser . Id )
require . Nil ( t , appErr )
require . NotEmpty ( t , teams , "The user must have teams" )
require . Equal ( t , th . BasicTeam . Id , teams [ 0 ] . Id , "The user joined team must be the team provided." )
// Now we get all the channels for the just created user
channelList , cErr := th . App . GetChannelsForTeamForUser ( th . Context , th . BasicTeam . Id , ruser . Id , & model . ChannelSearchOpts {
IncludeDeleted : false ,
LastDeleteAt : 0 ,
} )
require . Nil ( t , cErr )
// basicUser has no permissions on BasicPrivateChannel2 so the new invited user should be able to only access
// one channel from the two he was invited (plus the two default channels)
require . Len ( t , channelList , 3 )
} )
2023-02-07 18:38:34 -05:00
t . Run ( "Validate inviterUser permissions on channels he is inviting, when inviting guests" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Guest User" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemUserRoleId }
2023-02-07 18:38:34 -05:00
channelIdWithoutPermissions := th . BasicPrivateChannel2 . Id
channelIds := th . BasicChannel . Id + " " + channelIdWithoutPermissions
token := model . NewToken (
2025-11-20 08:06:23 -05:00
model . TokenTypeTeamInvitation ,
2023-02-07 18:38:34 -05:00
model . MapToJSON ( map [ string ] string { "guest" : "true" , "teamId" : th . BasicTeam . Id , "email" : user . Email , "senderId" : th . BasicUser . Id , "channels" : channelIds } ) ,
)
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
2023-06-06 17:29:29 -04:00
ruser , resp , err := th . Client . CreateUserWithToken ( context . Background ( ) , & user , token . Token )
2023-02-07 18:38:34 -05:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2023-02-07 18:38:34 -05:00
require . Equal ( t , user . Nickname , ruser . Nickname )
require . Equal ( t , model . SystemUserRoleId , ruser . Roles , "should clear roles" )
CheckUserSanitization ( t , ruser )
_ , err = th . App . Srv ( ) . Store ( ) . Token ( ) . GetByToken ( token . Token )
require . Error ( t , err , "The token must be deleted after being used" )
teams , appErr := th . App . GetTeamsForUser ( ruser . Id )
require . Nil ( t , appErr )
require . NotEmpty ( t , teams , "The guest must have teams" )
require . Equal ( t , th . BasicTeam . Id , teams [ 0 ] . Id , "The guest joined team must be the team provided." )
// Now we get all the channels for the just created guest
channelList , cErr := th . App . GetChannelsForTeamForUser ( th . Context , th . BasicTeam . Id , ruser . Id , & model . ChannelSearchOpts {
IncludeDeleted : false ,
LastDeleteAt : 0 ,
} )
require . Nil ( t , cErr )
// basicUser has no permissions on BasicPrivateChannel2 so the new invited guest should be able to only access
// one channel from the two he was invited (plus the two default channels)
require . Len ( t , channelList , 3 )
} )
2017-05-10 07:46:52 -04:00
}
2019-11-28 09:24:04 -05:00
func TestCreateUserWebSocketEvent ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-11-28 09:24:04 -05:00
t . Run ( "guest should not received new_user event but user should" , func ( t * testing . T ) {
2020-06-12 07:43:50 -04:00
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( "guests" ) )
2019-11-28 09:24:04 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GuestAccountsSettings . Enable = true } )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GuestAccountsSettings . AllowEmailAccounts = true } )
id := model . NewId ( )
2026-04-08 15:49:43 -04:00
guestPassword := model . NewTestPassword ( )
2019-11-28 09:24:04 -05:00
guest := & model . User {
Email : "success+" + id + "@simulator.amazonses.com" ,
Username : "un_" + id ,
Nickname : "nn_" + id ,
Password : guestPassword ,
EmailVerified : true ,
}
2021-08-13 07:12:16 -04:00
guest , errr := th . App . CreateGuest ( th . Context , guest )
require . Nil ( t , errr )
2019-11-28 09:24:04 -05:00
2021-08-13 07:12:16 -04:00
_ , _ , errr = th . App . AddUserToTeam ( th . Context , th . BasicTeam . Id , guest . Id , "" )
require . Nil ( t , errr )
2019-11-28 09:24:04 -05:00
2022-07-14 05:01:29 -04:00
_ , errr = th . App . AddUserToChannel ( th . Context , guest , th . BasicChannel , false )
2021-08-13 07:12:16 -04:00
require . Nil ( t , errr )
2019-11-28 09:24:04 -05:00
guestClient := th . CreateClient ( )
2023-06-06 17:29:29 -04:00
_ , _ , err := guestClient . Login ( context . Background ( ) , guest . Email , guestPassword )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-28 09:24:04 -05:00
2025-01-29 08:58:43 -05:00
guestWSClient := th . CreateConnectedWebSocketClientWithClient ( t , guestClient )
userWSClient := th . CreateConnectedWebSocketClient ( t )
2019-11-28 09:24:04 -05:00
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2019-11-28 09:24:04 -05:00
inviteId := th . BasicTeam . InviteId
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUserWithInviteId ( context . Background ( ) , & user , inviteId )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-28 09:24:04 -05:00
CheckCreatedStatus ( t , resp )
var userHasReceived bool
var guestHasReceived bool
func ( ) {
for {
select {
case ev := <- userWSClient . EventChannel :
2021-07-12 14:05:36 -04:00
if ev . EventType ( ) == model . WebsocketEventNewUser {
2019-11-28 09:24:04 -05:00
userHasReceived = true
}
case ev := <- guestWSClient . EventChannel :
2021-07-12 14:05:36 -04:00
if ev . EventType ( ) == model . WebsocketEventNewUser {
2019-11-28 09:24:04 -05:00
guestHasReceived = true
}
case <- time . After ( 2 * time . Second ) :
return
}
}
} ( )
2021-07-12 14:05:36 -04:00
require . Truef ( t , userHasReceived , "User should have received %s event" , model . WebsocketEventNewUser )
require . Falsef ( t , guestHasReceived , "Guest should not have received %s event" , model . WebsocketEventNewUser )
2019-11-28 09:24:04 -05:00
} )
}
2017-05-10 07:46:52 -04:00
func TestCreateUserWithInviteId ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-05-10 07:46:52 -04:00
t . Run ( "CreateWithInviteIdHappyPath" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2017-05-10 07:46:52 -04:00
inviteId := th . BasicTeam . InviteId
2023-06-06 17:29:29 -04:00
ruser , resp , err := th . Client . CreateUserWithInviteId ( context . Background ( ) , & user , inviteId )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-05-10 07:46:52 -04:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Nickname , ruser . Nickname )
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . SystemUserRoleId , ruser . Roles , "should clear roles" )
2017-05-10 07:46:52 -04:00
CheckUserSanitization ( t , ruser )
} )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2020-06-12 02:35:09 -04:00
inviteId := th . BasicTeam . InviteId
2023-06-06 17:29:29 -04:00
ruser , resp , err := client . CreateUserWithInviteId ( context . Background ( ) , & user , inviteId )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
require . Equal ( t , user . Nickname , ruser . Nickname )
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . SystemUserRoleId , ruser . Roles , "should clear roles" )
2020-06-12 02:35:09 -04:00
CheckUserSanitization ( t , ruser )
} , "CreateWithInviteIdHappyPath" )
2017-05-10 07:46:52 -04:00
2019-06-03 12:38:33 -04:00
t . Run ( "GroupConstrainedTeam" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2019-06-03 12:38:33 -04:00
2024-08-05 23:45:00 -04:00
th . BasicTeam . GroupConstrained = model . NewPointer ( true )
2021-08-13 07:12:16 -04:00
team , appErr := th . App . UpdateTeam ( th . BasicTeam )
require . Nil ( t , appErr )
2019-06-03 12:38:33 -04:00
defer func ( ) {
2024-08-05 23:45:00 -04:00
th . BasicTeam . GroupConstrained = model . NewPointer ( false )
2021-08-13 07:12:16 -04:00
_ , appErr = th . App . UpdateTeam ( th . BasicTeam )
require . Nil ( t , appErr )
2019-06-03 12:38:33 -04:00
} ( )
inviteID := team . InviteId
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . CreateUserWithInviteId ( context . Background ( ) , & user , inviteID )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "app.team.invite_id.group_constrained.error" )
2019-06-03 12:38:33 -04:00
} )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2020-06-12 02:35:09 -04:00
2024-08-05 23:45:00 -04:00
th . BasicTeam . GroupConstrained = model . NewPointer ( true )
2021-08-13 07:12:16 -04:00
team , appErr := th . App . UpdateTeam ( th . BasicTeam )
require . Nil ( t , appErr )
2020-06-12 02:35:09 -04:00
defer func ( ) {
2024-08-05 23:45:00 -04:00
th . BasicTeam . GroupConstrained = model . NewPointer ( false )
2021-08-13 07:12:16 -04:00
_ , appErr = th . App . UpdateTeam ( th . BasicTeam )
require . Nil ( t , appErr )
2020-06-12 02:35:09 -04:00
} ( )
inviteID := team . InviteId
2023-06-06 17:29:29 -04:00
_ , _ , err := client . CreateUserWithInviteId ( context . Background ( ) , & user , inviteID )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "app.team.invite_id.group_constrained.error" )
2020-06-12 02:35:09 -04:00
} , "GroupConstrainedTeam" )
2017-05-10 07:46:52 -04:00
t . Run ( "WrongInviteId" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2017-05-10 07:46:52 -04:00
inviteId := model . NewId ( )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUserWithInviteId ( context . Background ( ) , & user , inviteId )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-06-28 07:56:29 -04:00
CheckNotFoundStatus ( t , resp )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "app.team.get_by_invite_id.finding.app_error" )
2017-05-10 07:46:52 -04:00
} )
t . Run ( "NoInviteId" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2017-05-10 07:46:52 -04:00
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . CreateUserWithInviteId ( context . Background ( ) , & user , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2025-10-07 06:19:21 -04:00
assert . ErrorContains ( t , err , "invite ID is required" )
2017-05-10 07:46:52 -04:00
} )
t . Run ( "ExpiredInviteId" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2017-05-10 07:46:52 -04:00
inviteId := th . BasicTeam . InviteId
2023-06-06 17:29:29 -04:00
_ , _ , err := th . SystemAdminClient . RegenerateTeamInviteId ( context . Background ( ) , th . BasicTeam . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-05-10 07:46:52 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUserWithInviteId ( context . Background ( ) , & user , inviteId )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-06-28 07:56:29 -04:00
CheckNotFoundStatus ( t , resp )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "app.team.get_by_invite_id.finding.app_error" )
2017-05-10 07:46:52 -04:00
} )
t . Run ( "EnableUserCreationDisable" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2017-05-10 07:46:52 -04:00
2018-07-11 06:58:16 -04:00
enableUserCreation := th . App . Config ( ) . TeamSettings . EnableUserCreation
defer func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { cfg . TeamSettings . EnableUserCreation = enableUserCreation } )
} ( )
2018-05-18 09:57:30 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableUserCreation = false } )
2017-05-10 07:46:52 -04:00
inviteId := th . BasicTeam . InviteId
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUserWithInviteId ( context . Background ( ) , & user , inviteId )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-05-10 07:46:52 -04:00
CheckNotImplementedStatus ( t , resp )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.create_user.signup_email_disabled.app_error" )
2017-05-10 07:46:52 -04:00
} )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2020-06-12 02:35:09 -04:00
enableUserCreation := th . App . Config ( ) . TeamSettings . EnableUserCreation
defer th . App . UpdateConfig ( func ( cfg * model . Config ) { cfg . TeamSettings . EnableUserCreation = enableUserCreation } )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableUserCreation = false } )
inviteId := th . BasicTeam . InviteId
2023-06-06 17:29:29 -04:00
_ , resp , err := client . CreateUserWithInviteId ( context . Background ( ) , & user , inviteId )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-12 02:35:09 -04:00
CheckNotImplementedStatus ( t , resp )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.create_user.signup_email_disabled.app_error" )
2020-06-12 02:35:09 -04:00
} , "EnableUserCreationDisable" )
2017-05-10 07:46:52 -04:00
t . Run ( "EnableOpenServerDisable" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Nickname : "Corey Hulen" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2017-05-10 07:46:52 -04:00
2018-07-11 06:58:16 -04:00
enableOpenServer := th . App . Config ( ) . TeamSettings . EnableOpenServer
defer func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { cfg . TeamSettings . EnableOpenServer = enableOpenServer } )
} ( )
2017-10-18 18:36:43 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableOpenServer = false } )
2017-05-10 07:46:52 -04:00
2023-06-06 17:29:29 -04:00
team , _ , err := th . SystemAdminClient . RegenerateTeamInviteId ( context . Background ( ) , th . BasicTeam . Id )
2021-08-13 07:12:16 -04:00
assert . NoError ( t , err )
2019-04-25 17:09:38 -04:00
inviteId := team . InviteId
2017-05-10 07:46:52 -04:00
2023-06-06 17:29:29 -04:00
ruser , resp , err := th . Client . CreateUserWithInviteId ( context . Background ( ) , & user , inviteId )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-05-10 07:46:52 -04:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Nickname , ruser . Nickname )
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . SystemUserRoleId , ruser . Roles , "should clear roles" )
2017-05-10 07:46:52 -04:00
CheckUserSanitization ( t , ruser )
} )
}
2017-03-21 18:43:16 -04:00
func TestGetMe ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-03-21 18:43:16 -04:00
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . Client . GetMe ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-21 18:43:16 -04:00
2019-11-15 09:13:32 -05:00
require . Equal ( t , th . BasicUser . Id , ruser . Id )
2017-03-21 18:43:16 -04:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetMe ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-21 18:43:16 -04:00
CheckUnauthorizedStatus ( t , resp )
}
2017-01-30 08:30:02 -05:00
func TestGetUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2017-01-30 08:30:02 -05:00
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2017-10-20 20:26:45 -04:00
user . Props = map [ string ] string { "testpropkey" : "testpropvalue" }
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUser ( th . Context , user , false )
require . Nil ( t , appErr )
2017-01-30 08:30:02 -05:00
2020-07-23 06:53:35 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
ruser , resp , err := client . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
CheckUserSanitization ( t , ruser )
2017-01-30 08:30:02 -05:00
2020-07-23 06:53:35 -04:00
require . Equal ( t , user . Email , ruser . Email )
2017-01-30 08:30:02 -05:00
2020-07-23 06:53:35 -04:00
assert . NotNil ( t , ruser . Props )
assert . Equal ( t , ruser . Props [ "testpropkey" ] , "testpropvalue" )
require . False ( t , ruser . IsBot )
2017-10-20 20:26:45 -04:00
2023-06-06 17:29:29 -04:00
ruser , resp , _ = client . GetUser ( context . Background ( ) , user . Id , resp . Etag )
2020-07-23 06:53:35 -04:00
CheckEtag ( t , ruser , resp )
2017-01-30 08:30:02 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err = client . GetUser ( context . Background ( ) , "junk" , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-23 06:53:35 -04:00
CheckBadRequestStatus ( t , resp )
2017-01-30 08:30:02 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err = client . GetUser ( context . Background ( ) , model . NewId ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-23 06:53:35 -04:00
CheckNotFoundStatus ( t , resp )
} )
2017-01-30 08:30:02 -05:00
// Check against privacy config settings
2019-01-31 08:12:01 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . PrivacySettings . ShowEmailAddress = false } )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . PrivacySettings . ShowFullName = false } )
2017-01-30 08:30:02 -05:00
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . Client . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-01-30 08:30:02 -05:00
2019-11-15 09:13:32 -05:00
require . Empty ( t , ruser . Email , "email should be blank" )
require . Empty ( t , ruser . FirstName , "first name should be blank" )
require . Empty ( t , ruser . LastName , "last name should be blank" )
2017-01-30 08:30:02 -05:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-01-30 08:30:02 -05:00
CheckUnauthorizedStatus ( t , resp )
// System admins should ignore privacy settings
2023-06-06 17:29:29 -04:00
ruser , _ , _ = th . SystemAdminClient . GetUser ( context . Background ( ) , user . Id , resp . Etag )
2019-11-15 09:13:32 -05:00
require . NotEmpty ( t , ruser . Email , "email should not be blank" )
require . NotEmpty ( t , ruser . FirstName , "first name should not be blank" )
require . NotEmpty ( t , ruser . LastName , "last name should not be blank" )
2017-02-07 11:54:07 -05:00
}
2019-03-27 09:01:35 -04:00
func TestGetUserWithAcceptedTermsOfServiceForOtherUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2019-03-27 09:01:35 -04:00
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2019-03-27 09:01:35 -04:00
tos , _ := th . App . CreateTermsOfService ( "Dummy TOS" , user . Id )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUser ( th . Context , user , false )
require . Nil ( t , appErr )
2019-03-27 09:01:35 -04:00
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . Client . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-03-27 09:01:35 -04:00
CheckUserSanitization ( t , ruser )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Email , ruser . Email )
2019-03-27 09:01:35 -04:00
assert . Empty ( t , ruser . TermsOfServiceId )
2024-11-20 11:28:39 -05:00
appErr = th . App . SaveUserTermsOfService ( user . Id , tos . Id , true )
require . Nil ( t , appErr )
2019-03-27 09:01:35 -04:00
2023-06-06 17:29:29 -04:00
ruser , _ , err = th . Client . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-03-27 09:01:35 -04:00
CheckUserSanitization ( t , ruser )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Email , ruser . Email )
2019-03-27 09:01:35 -04:00
// user TOS data cannot be fetched for other users by non-admin users
assert . Empty ( t , ruser . TermsOfServiceId )
}
func TestGetUserWithAcceptedTermsOfService ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-03-27 09:01:35 -04:00
user := th . BasicUser
tos , _ := th . App . CreateTermsOfService ( "Dummy TOS" , user . Id )
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . Client . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-03-27 09:01:35 -04:00
CheckUserSanitization ( t , ruser )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Email , ruser . Email )
2019-03-27 09:01:35 -04:00
assert . Empty ( t , ruser . TermsOfServiceId )
2024-11-20 11:28:39 -05:00
appErr := th . App . SaveUserTermsOfService ( user . Id , tos . Id , true )
require . Nil ( t , appErr )
2019-03-27 09:01:35 -04:00
2023-06-06 17:29:29 -04:00
ruser , _ , err = th . Client . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-03-27 09:01:35 -04:00
CheckUserSanitization ( t , ruser )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Email , ruser . Email )
2019-03-27 09:01:35 -04:00
// a user can view their own TOS details
assert . Equal ( t , tos . Id , ruser . TermsOfServiceId )
}
func TestGetUserWithAcceptedTermsOfServiceWithAdminUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-03-27 09:01:35 -04:00
2025-11-12 07:00:51 -05:00
th . LoginSystemAdmin ( t )
2019-03-27 09:01:35 -04:00
user := th . BasicUser
2025-11-12 07:00:51 -05:00
tos , appErr := th . App . CreateTermsOfService ( "Dummy TOS" , user . Id )
require . Nil ( t , appErr )
2019-03-27 09:01:35 -04:00
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . SystemAdminClient . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-03-27 09:01:35 -04:00
CheckUserSanitization ( t , ruser )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Email , ruser . Email )
2019-03-27 09:01:35 -04:00
assert . Empty ( t , ruser . TermsOfServiceId )
2025-11-12 07:00:51 -05:00
appErr = th . App . SaveUserTermsOfService ( user . Id , tos . Id , true )
2024-11-20 11:28:39 -05:00
require . Nil ( t , appErr )
2019-03-27 09:01:35 -04:00
2023-06-06 17:29:29 -04:00
ruser , _ , err = th . SystemAdminClient . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-03-27 09:01:35 -04:00
CheckUserSanitization ( t , ruser )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Email , ruser . Email )
2019-03-27 09:01:35 -04:00
// admin can view anyone's TOS details
assert . Equal ( t , tos . Id , ruser . TermsOfServiceId )
}
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
func TestGetBotUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2025-11-12 07:00:51 -05:00
defaultPerms := th . SaveDefaultRolePermissions ( t )
defer th . RestoreDefaultRolePermissions ( t , defaultPerms )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionCreateBot . Id , model . TeamUserRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . TeamUserRoleId , false )
require . Nil ( t , appErr )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
bot := & model . Bot {
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
}
2023-06-06 17:29:29 -04:00
createdBot , resp , err := th . Client . CreateBot ( context . Background ( ) , bot )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteBot ( th . Context , createdBot . UserId )
require . Nil ( t , appErr )
} ( )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
botUser , _ , err := th . Client . GetUser ( context . Background ( ) , createdBot . UserId , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
require . Equal ( t , bot . Username , botUser . Username )
require . True ( t , botUser . IsBot )
}
2017-02-08 05:00:16 -05:00
func TestGetUserByUsername ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-02-08 05:00:16 -05:00
user := th . BasicUser
2020-07-23 06:53:35 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
ruser , resp , err := client . GetUserByUsername ( context . Background ( ) , user . Username , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
CheckUserSanitization ( t , ruser )
2017-02-08 05:00:16 -05:00
2020-07-23 06:53:35 -04:00
require . Equal ( t , user . Email , ruser . Email )
2017-02-08 05:00:16 -05:00
2023-06-06 17:29:29 -04:00
ruser , resp , _ = client . GetUserByUsername ( context . Background ( ) , user . Username , resp . Etag )
2020-07-23 06:53:35 -04:00
CheckEtag ( t , ruser , resp )
2017-02-08 05:00:16 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err = client . GetUserByUsername ( context . Background ( ) , GenerateTestUsername ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-23 06:53:35 -04:00
CheckNotFoundStatus ( t , resp )
} )
2017-02-08 05:00:16 -05:00
// Check against privacy config settings
2019-01-31 08:12:01 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . PrivacySettings . ShowEmailAddress = false } )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . PrivacySettings . ShowFullName = false } )
2017-02-08 05:00:16 -05:00
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . Client . GetUserByUsername ( context . Background ( ) , th . BasicUser2 . Username , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-08 05:00:16 -05:00
2019-11-15 09:13:32 -05:00
require . Empty ( t , ruser . Email , "email should be blank" )
require . Empty ( t , ruser . FirstName , "first name should be blank" )
require . Empty ( t , ruser . LastName , "last name should be blank" )
2017-02-08 05:00:16 -05:00
2023-06-06 17:29:29 -04:00
ruser , _ , err = th . Client . GetUserByUsername ( context . Background ( ) , th . BasicUser . Username , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . NotEmpty ( t , ruser . NotifyProps , "notify props should be sent" )
2018-06-29 08:45:04 -04:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUserByUsername ( context . Background ( ) , user . Username , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-08 05:00:16 -05:00
CheckUnauthorizedStatus ( t , resp )
2020-07-23 06:53:35 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
// System admins should ignore privacy settings
2023-06-06 17:29:29 -04:00
ruser , _ , _ = client . GetUserByUsername ( context . Background ( ) , user . Username , resp . Etag )
2020-07-23 06:53:35 -04:00
require . NotEmpty ( t , ruser . Email , "email should not be blank" )
require . NotEmpty ( t , ruser . FirstName , "first name should not be blank" )
require . NotEmpty ( t , ruser . LastName , "last name should not be blank" )
2020-03-01 13:52:16 -05:00
} )
2017-02-08 05:00:16 -05:00
}
2019-03-27 09:01:35 -04:00
func TestGetUserByUsernameWithAcceptedTermsOfService ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-03-27 09:01:35 -04:00
user := th . BasicUser
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . Client . GetUserByUsername ( context . Background ( ) , user . Username , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-03-27 09:01:35 -04:00
CheckUserSanitization ( t , ruser )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Email , ruser . Email )
2019-03-27 09:01:35 -04:00
2024-11-20 11:28:39 -05:00
tos , appErr := th . App . CreateTermsOfService ( "Dummy TOS" , user . Id )
require . Nil ( t , appErr )
appErr = th . App . SaveUserTermsOfService ( ruser . Id , tos . Id , true )
require . Nil ( t , appErr )
2019-03-27 09:01:35 -04:00
2023-06-06 17:29:29 -04:00
ruser , _ , err = th . Client . GetUserByUsername ( context . Background ( ) , user . Username , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-03-27 09:01:35 -04:00
CheckUserSanitization ( t , ruser )
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Email , ruser . Email )
2019-03-27 09:01:35 -04:00
2019-11-15 09:13:32 -05:00
require . Equal ( t , tos . Id , ruser . TermsOfServiceId , "Terms of service ID should match" )
2019-03-27 09:01:35 -04:00
}
2020-10-21 11:08:33 -04:00
func TestSaveUserTermsOfService ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-10-21 11:08:33 -04:00
th := Setup ( t )
t . Run ( "Invalid data" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
resp , err := th . Client . DoAPIPost ( context . Background ( ) , "/users/" + th . BasicUser . Id + "/terms_of_service" , "{}" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-10-21 11:08:33 -04:00
assert . Equal ( t , http . StatusBadRequest , resp . StatusCode )
} )
}
2017-02-07 11:54:07 -05:00
func TestGetUserByEmail ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2018-07-11 06:58:16 -04:00
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2023-06-06 17:29:29 -04:00
userWithSlash , _ , err := th . SystemAdminClient . CreateUser ( context . Background ( ) , & model . User {
2020-07-23 06:53:35 -04:00
Email : "email/with/slashes@example.com" ,
Username : GenerateTestUsername ( ) ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2020-07-23 06:53:35 -04:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-07 11:54:07 -05:00
2018-12-18 16:04:25 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-01-31 08:12:01 -05:00
* cfg . PrivacySettings . ShowEmailAddress = true
* cfg . PrivacySettings . ShowFullName = true
2018-12-18 16:04:25 -05:00
} )
2017-02-07 11:54:07 -05:00
2020-07-23 06:53:35 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
t . Run ( "should be able to get another user by email" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
ruser , _ , err := client . GetUserByEmail ( context . Background ( ) , user . Email , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
CheckUserSanitization ( t , ruser )
2017-02-07 11:54:07 -05:00
2020-07-23 06:53:35 -04:00
require . Equal ( t , user . Email , ruser . Email )
} )
2017-02-07 11:54:07 -05:00
2020-07-23 06:53:35 -04:00
t . Run ( "Get user with a / character in the email" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
ruser , _ , err := client . GetUserByEmail ( context . Background ( ) , userWithSlash . Email , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
require . Equal ( t , ruser . Id , userWithSlash . Id )
} )
2017-02-07 11:54:07 -05:00
2020-07-23 06:53:35 -04:00
t . Run ( "should return not modified when provided with a matching etag" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , resp , err := client . GetUserByEmail ( context . Background ( ) , user . Email , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-07 11:54:07 -05:00
2023-06-06 17:29:29 -04:00
ruser , resp , _ := client . GetUserByEmail ( context . Background ( ) , user . Email , resp . Etag )
2020-07-23 06:53:35 -04:00
CheckEtag ( t , ruser , resp )
} )
2017-02-07 11:54:07 -05:00
2020-07-23 06:53:35 -04:00
t . Run ( "should return bad request when given an invalid email" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , resp , err := client . GetUserByEmail ( context . Background ( ) , GenerateTestUsername ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-23 06:53:35 -04:00
CheckBadRequestStatus ( t , resp )
} )
t . Run ( "should return 404 when given a non-existent email" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , resp , err := client . GetUserByEmail ( context . Background ( ) , th . GenerateTestEmail ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-23 06:53:35 -04:00
CheckNotFoundStatus ( t , resp )
} )
2018-12-18 16:04:25 -05:00
} )
2017-02-07 11:54:07 -05:00
2018-12-18 16:04:25 -05:00
t . Run ( "should sanitize full name for non-admin based on privacy settings" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-01-31 08:12:01 -05:00
* cfg . PrivacySettings . ShowEmailAddress = true
* cfg . PrivacySettings . ShowFullName = false
2018-12-18 16:04:25 -05:00
} )
2017-02-07 11:54:07 -05:00
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . Client . GetUserByEmail ( context . Background ( ) , user . Email , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-12-18 16:04:25 -05:00
assert . Equal ( t , "" , ruser . FirstName , "first name should be blank" )
assert . Equal ( t , "" , ruser . LastName , "last name should be blank" )
2017-02-07 11:54:07 -05:00
2018-12-18 16:04:25 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-01-31 08:12:01 -05:00
* cfg . PrivacySettings . ShowFullName = true
2018-12-18 16:04:25 -05:00
} )
2023-06-06 17:29:29 -04:00
ruser , _ , err = th . Client . GetUserByEmail ( context . Background ( ) , user . Email , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-12-18 16:04:25 -05:00
assert . NotEqual ( t , "" , ruser . FirstName , "first name should be set" )
assert . NotEqual ( t , "" , ruser . LastName , "last name should be set" )
} )
t . Run ( "should return forbidden for non-admin when privacy settings hide email" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-01-31 08:12:01 -05:00
* cfg . PrivacySettings . ShowEmailAddress = false
2018-12-18 16:04:25 -05:00
} )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUserByEmail ( context . Background ( ) , user . Email , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2018-12-18 16:04:25 -05:00
CheckForbiddenStatus ( t , resp )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-01-31 08:12:01 -05:00
* cfg . PrivacySettings . ShowEmailAddress = true
2018-12-18 16:04:25 -05:00
} )
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . Client . GetUserByEmail ( context . Background ( ) , user . Email , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-12-18 16:04:25 -05:00
assert . Equal ( t , user . Email , ruser . Email , "email should be set" )
} )
2020-07-23 06:53:35 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
t . Run ( "should not sanitize full name for admin, regardless of privacy settings" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . PrivacySettings . ShowEmailAddress = true
* cfg . PrivacySettings . ShowFullName = false
} )
2018-12-18 16:04:25 -05:00
2023-06-06 17:29:29 -04:00
ruser , _ , err := client . GetUserByEmail ( context . Background ( ) , user . Email , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
assert . NotEqual ( t , "" , ruser . FirstName , "first name should be set" )
assert . NotEqual ( t , "" , ruser . LastName , "last name should be set" )
2018-12-18 16:04:25 -05:00
2020-07-23 06:53:35 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . PrivacySettings . ShowFullName = true
} )
2023-06-06 17:29:29 -04:00
ruser , _ , err = client . GetUserByEmail ( context . Background ( ) , user . Email , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
assert . NotEqual ( t , "" , ruser . FirstName , "first name should be set" )
assert . NotEqual ( t , "" , ruser . LastName , "last name should be set" )
2018-12-18 16:04:25 -05:00
} )
2020-07-23 06:53:35 -04:00
t . Run ( "should always return email for admin, regardless of privacy settings" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . PrivacySettings . ShowEmailAddress = false
} )
2023-06-06 17:29:29 -04:00
ruser , _ , err := client . GetUserByEmail ( context . Background ( ) , user . Email , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
assert . Equal ( t , user . Email , ruser . Email , "email should be set" )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . PrivacySettings . ShowEmailAddress = true
} )
2023-06-06 17:29:29 -04:00
ruser , _ , err = client . GetUserByEmail ( context . Background ( ) , user . Email , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
assert . Equal ( t , user . Email , ruser . Email , "email should be set" )
} )
2018-12-18 16:04:25 -05:00
} )
2017-01-30 08:30:02 -05:00
}
2022-10-27 04:27:46 -04:00
// This test can flake if two calls to model.NewId can return the same value.
// Not much can be done about it.
2017-03-23 06:34:22 -04:00
func TestSearchUsers ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2018-07-11 06:58:16 -04:00
2017-03-23 06:34:22 -04:00
search := & model . UserSearch { Term : th . BasicUser . Username }
2023-06-06 17:29:29 -04:00
users , _ , err := th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-23 06:34:22 -04:00
2019-11-15 09:13:32 -05:00
require . True ( t , findUserInList ( th . BasicUser . Id , users ) , "should have found user" )
2017-03-23 06:34:22 -04:00
2021-08-13 07:12:16 -04:00
_ , appErr := th . App . UpdateActive ( th . Context , th . BasicUser2 , false )
require . Nil ( t , appErr )
2017-03-23 06:34:22 -04:00
search . Term = th . BasicUser2 . Username
search . AllowInactive = false
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-23 06:34:22 -04:00
2019-11-15 09:13:32 -05:00
require . False ( t , findUserInList ( th . BasicUser2 . Id , users ) , "should not have found user" )
2017-03-23 06:34:22 -04:00
search . AllowInactive = true
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-23 06:34:22 -04:00
2019-11-15 09:13:32 -05:00
require . True ( t , findUserInList ( th . BasicUser2 . Id , users ) , "should have found user" )
2017-03-23 06:34:22 -04:00
search . Term = th . BasicUser . Username
search . AllowInactive = false
search . TeamId = th . BasicTeam . Id
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-23 06:34:22 -04:00
2019-11-15 09:13:32 -05:00
require . True ( t , findUserInList ( th . BasicUser . Id , users ) , "should have found user" )
2017-03-23 06:34:22 -04:00
search . NotInChannelId = th . BasicChannel . Id
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-23 06:34:22 -04:00
2019-11-15 09:13:32 -05:00
require . False ( t , findUserInList ( th . BasicUser . Id , users ) , "should not have found user" )
2017-03-23 06:34:22 -04:00
search . TeamId = ""
search . NotInChannelId = ""
search . InChannelId = th . BasicChannel . Id
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-23 06:34:22 -04:00
2019-11-15 09:13:32 -05:00
require . True ( t , findUserInList ( th . BasicUser . Id , users ) , "should have found user" )
2017-03-23 06:34:22 -04:00
search . InChannelId = ""
search . NotInChannelId = th . BasicChannel . Id
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-23 06:34:22 -04:00
CheckBadRequestStatus ( t , resp )
search . NotInChannelId = model . NewId ( )
search . TeamId = model . NewId ( )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-23 06:34:22 -04:00
CheckForbiddenStatus ( t , resp )
search . NotInChannelId = ""
search . TeamId = model . NewId ( )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-23 06:34:22 -04:00
CheckForbiddenStatus ( t , resp )
search . InChannelId = model . NewId ( )
search . TeamId = ""
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-23 06:34:22 -04:00
CheckForbiddenStatus ( t , resp )
2017-04-03 13:11:12 -04:00
// Test search for users not in any team
search . TeamId = ""
search . NotInChannelId = ""
search . InChannelId = ""
search . NotInTeamId = th . BasicTeam . Id
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-04-03 13:11:12 -04:00
2019-11-15 09:13:32 -05:00
require . False ( t , findUserInList ( th . BasicUser . Id , users ) , "should not have found user" )
2017-04-03 13:11:12 -04:00
2025-11-12 07:00:51 -05:00
oddUser := th . CreateUser ( t )
2017-04-03 13:11:12 -04:00
search . Term = oddUser . Username
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-04-03 13:11:12 -04:00
2019-11-15 09:13:32 -05:00
require . True ( t , findUserInList ( oddUser . Id , users ) , "should have found user" )
2017-04-03 13:11:12 -04:00
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . AddTeamMember ( context . Background ( ) , th . BasicTeam . Id , oddUser . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-04-03 13:11:12 -04:00
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-04-03 13:11:12 -04:00
2019-11-15 09:13:32 -05:00
require . False ( t , findUserInList ( oddUser . Id , users ) , "should not have found user" )
2017-04-03 13:11:12 -04:00
search . NotInTeamId = model . NewId ( )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-04-03 13:11:12 -04:00
CheckForbiddenStatus ( t , resp )
search . Term = th . BasicUser . Username
2019-01-31 08:12:01 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . PrivacySettings . ShowEmailAddress = false } )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . PrivacySettings . ShowFullName = false } )
2017-03-23 06:34:22 -04:00
2021-08-13 07:12:16 -04:00
_ , appErr = th . App . UpdateActive ( th . Context , th . BasicUser2 , true )
require . Nil ( t , appErr )
2017-03-23 06:34:22 -04:00
search . InChannelId = ""
2017-04-03 13:11:12 -04:00
search . NotInTeamId = ""
2017-03-23 06:34:22 -04:00
search . Term = th . BasicUser2 . Email
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-23 06:34:22 -04:00
2019-11-15 09:13:32 -05:00
require . False ( t , findUserInList ( th . BasicUser2 . Id , users ) , "should not have found user" )
2017-03-23 06:34:22 -04:00
search . Term = th . BasicUser2 . FirstName
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-23 06:34:22 -04:00
2019-11-15 09:13:32 -05:00
require . False ( t , findUserInList ( th . BasicUser2 . Id , users ) , "should not have found user" )
2017-03-23 06:34:22 -04:00
search . Term = th . BasicUser2 . LastName
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-23 06:34:22 -04:00
2019-11-15 09:13:32 -05:00
require . False ( t , findUserInList ( th . BasicUser2 . Id , users ) , "should not have found user" )
2017-03-23 06:34:22 -04:00
search . Term = th . BasicUser . FirstName
search . InChannelId = th . BasicChannel . Id
search . NotInChannelId = th . BasicChannel . Id
search . TeamId = th . BasicTeam . Id
2023-06-06 17:29:29 -04:00
users , _ , err = th . SystemAdminClient . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-23 06:34:22 -04:00
2019-11-15 09:13:32 -05:00
require . True ( t , findUserInList ( th . BasicUser . Id , users ) , "should have found user" )
2020-06-18 10:22:35 -04:00
id := model . NewId ( )
2021-08-13 07:12:16 -04:00
group , appErr := th . App . CreateGroup ( & model . Group {
2020-06-18 10:22:35 -04:00
DisplayName : "dn-foo_" + id ,
2024-08-05 23:45:00 -04:00
Name : model . NewPointer ( "name" + id ) ,
2020-06-18 10:22:35 -04:00
Source : model . GroupSourceLdap ,
Description : "description_" + id ,
2024-08-05 23:45:00 -04:00
RemoteId : model . NewPointer ( model . NewId ( ) ) ,
2020-06-18 10:22:35 -04:00
} )
2021-08-13 07:12:16 -04:00
assert . Nil ( t , appErr )
2020-06-18 10:22:35 -04:00
search = & model . UserSearch { Term : th . BasicUser . Username , InGroupId : group . Id }
t . Run ( "Requires ldap license when searching in group" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , resp , err = th . SystemAdminClient . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2022-08-08 10:32:49 -04:00
CheckForbiddenStatus ( t , resp )
2020-06-18 10:22:35 -04:00
} )
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( "ldap" ) )
t . Run ( "Requires manage system permission when searching for users in a group" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-18 10:22:35 -04:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "Returns empty list when no users found searching for users in a group" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err = th . SystemAdminClient . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-18 10:22:35 -04:00
require . Empty ( t , users )
} )
2021-08-13 07:12:16 -04:00
_ , appErr = th . App . UpsertGroupMember ( group . Id , th . BasicUser . Id )
assert . Nil ( t , appErr )
2020-06-18 10:22:35 -04:00
t . Run ( "Returns user in group user found in group" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err = th . SystemAdminClient . SearchUsers ( context . Background ( ) , search )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-18 10:22:35 -04:00
require . Equal ( t , users [ 0 ] . Id , th . BasicUser . Id )
} )
2022-11-04 13:10:26 -04:00
id = model . NewId ( )
group , appErr = th . App . CreateGroup ( & model . Group {
DisplayName : "dn-foo_" + id ,
2024-08-05 23:45:00 -04:00
Name : model . NewPointer ( "name" + id ) ,
2022-11-04 13:10:26 -04:00
Source : model . GroupSourceCustom ,
Description : "description_" + id ,
2024-08-05 23:45:00 -04:00
RemoteId : model . NewPointer ( model . NewId ( ) ) ,
2022-11-04 13:10:26 -04:00
} )
assert . Nil ( t , appErr )
th . App . Srv ( ) . SetLicense ( model . NewTestLicenseSKU ( model . LicenseShortSkuProfessional , "ldap" ) )
search = & model . UserSearch { Term : th . BasicUser . Username , NotInGroupId : group . Id }
t . Run ( "Returns users not in group" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2022-11-04 13:10:26 -04:00
require . NoError ( t , err )
require . Equal ( t , users [ 0 ] . Id , th . BasicUser . Id )
} )
_ , appErr = th . App . UpsertGroupMember ( group . Id , th . BasicUser . Id )
assert . Nil ( t , appErr )
t . Run ( "Returns empty list for not in group" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2022-11-04 13:10:26 -04:00
require . NoError ( t , err )
assert . Len ( t , users , 0 )
} )
members := & model . GroupModifyMembers {
UserIds : [ ] string { th . BasicUser . Id } ,
}
2023-06-06 17:29:29 -04:00
_ , _ , delErr := th . Client . DeleteGroupMembers ( context . Background ( ) , group . Id , members )
2022-11-04 13:10:26 -04:00
require . NoError ( t , delErr )
t . Run ( "Returns user not in group after they were deleted from group" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . SearchUsers ( context . Background ( ) , search )
2022-11-04 13:10:26 -04:00
require . NoError ( t , err )
require . Equal ( t , users [ 0 ] . Id , th . BasicUser . Id )
} )
2025-06-19 05:52:16 -04:00
// Create LDAP user
authData := "some auth data"
ldapUser := & model . User {
Email : th . GenerateTestEmail ( ) ,
Username : GenerateTestUsername ( ) ,
EmailVerified : true ,
AuthService : model . UserAuthServiceLdap ,
AuthData : & authData ,
}
ldapUser , appErr = th . App . CreateUser ( th . Context , ldapUser )
require . Nil ( t , appErr )
t . Run ( "LDAP authdata field is returned appropriately" , func ( t * testing . T ) {
// Search as regular user
search := & model . UserSearch { Term : ldapUser . Username }
users , resp , err := th . Client . SearchUsers ( context . Background ( ) , search )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Len ( t , users , 1 , "should find the ldap user" )
require . Equal ( t , ldapUser . Id , users [ 0 ] . Id )
require . Empty ( t , users [ 0 ] . AuthData , "regular user should not see AuthData" )
// Search as system admin
users , resp , err = th . SystemAdminClient . SearchUsers ( context . Background ( ) , search )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Len ( t , users , 1 , "should find the ldap user" )
require . Equal ( t , ldapUser . Id , users [ 0 ] . Id )
require . NotNil ( t , users [ 0 ] . AuthData , "admin should see AuthData" )
require . Equal ( t , * ldapUser . AuthData , * users [ 0 ] . AuthData )
} )
2017-03-23 06:34:22 -04:00
}
2022-08-18 10:23:37 -04:00
func findUserInList ( id string , users [ ] * model . User ) bool { //nolint:unused
2017-03-23 06:34:22 -04:00
for _ , user := range users {
if user . Id == id {
return true
}
}
return false
}
2019-09-18 14:27:32 -04:00
func TestAutocompleteUsersInChannel ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-03-13 08:29:41 -04:00
teamId := th . BasicTeam . Id
channelId := th . BasicChannel . Id
username := th . BasicUser . Username
2025-11-12 07:00:51 -05:00
newUser := th . CreateUser ( t )
2019-09-18 14:27:32 -04:00
tt := [ ] struct {
Name string
TeamId string
ChannelId string
Username string
ExpectedResults int
MoreThan bool
2020-06-26 14:37:35 -04:00
ShouldFail bool
2019-09-18 14:27:32 -04:00
} {
{
"Autocomplete in channel for specific username" ,
teamId ,
channelId ,
username ,
1 ,
false ,
2020-06-26 14:37:35 -04:00
false ,
2019-09-18 14:27:32 -04:00
} ,
{
"Search for not valid username" ,
teamId ,
channelId ,
"amazonses" ,
0 ,
false ,
2020-06-26 14:37:35 -04:00
false ,
2019-09-18 14:27:32 -04:00
} ,
{
"Search for all users" ,
teamId ,
channelId ,
"" ,
2 ,
true ,
2020-06-26 14:37:35 -04:00
false ,
2019-09-18 14:27:32 -04:00
} ,
{
2020-06-26 14:37:35 -04:00
"Fail when the teamId is not provided" ,
2019-09-18 14:27:32 -04:00
"" ,
channelId ,
"" ,
2 ,
true ,
2020-06-26 14:37:35 -04:00
true ,
2019-09-18 14:27:32 -04:00
} ,
2017-03-13 08:29:41 -04:00
}
2019-09-18 14:27:32 -04:00
for _ , tc := range tt {
t . Run ( tc . Name , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . AutocompleteUsersInChannel ( context . Background ( ) , tc . TeamId , tc . ChannelId , tc . Username , model . UserSearchDefaultLimit , "" )
2020-06-26 14:37:35 -04:00
if tc . ShouldFail {
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.autocomplete_users.missing_team_id.app_error" )
2019-09-18 14:27:32 -04:00
} else {
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-26 14:37:35 -04:00
if tc . MoreThan {
assert . True ( t , len ( rusers . Users ) >= tc . ExpectedResults )
} else {
assert . Len ( t , rusers . Users , tc . ExpectedResults )
}
2019-09-18 14:27:32 -04:00
}
2020-06-26 14:37:35 -04:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . AutocompleteUsersInChannel ( context . Background ( ) , tc . TeamId , tc . ChannelId , tc . Username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-09-18 14:27:32 -04:00
CheckUnauthorizedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , newUser . Email , newUser . Password )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . AutocompleteUsersInChannel ( context . Background ( ) , tc . TeamId , tc . ChannelId , tc . Username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-09-18 14:27:32 -04:00
CheckForbiddenStatus ( t , resp )
} )
2017-03-13 08:29:41 -04:00
}
2019-09-18 14:27:32 -04:00
t . Run ( "Check against privacy config settings" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . PrivacySettings . ShowFullName = false } )
2017-03-13 08:29:41 -04:00
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . AutocompleteUsersInChannel ( context . Background ( ) , teamId , channelId , username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-13 08:29:41 -04:00
2019-09-18 14:27:32 -04:00
assert . Equal ( t , rusers . Users [ 0 ] . FirstName , "" , "should not show first/last name" )
assert . Equal ( t , rusers . Users [ 0 ] . LastName , "" , "should not show first/last name" )
} )
2017-03-13 08:29:41 -04:00
2019-09-18 14:27:32 -04:00
t . Run ( "Check OutOfChannel results with/without VIEW_MEMBERS permissions" , func ( t * testing . T ) {
2024-11-20 11:28:39 -05:00
t . Skip ( "https://mattermost.atlassian.net/browse/MM-61041" )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GuestAccountsSettings . Enable = true } )
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( ) )
defer func ( ) {
appErr := th . App . Srv ( ) . RemoveLicense ( )
require . Nil ( t , appErr )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GuestAccountsSettings . Enable = false } )
} ( )
2025-11-12 07:00:51 -05:00
permissionsUser := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
_ , err := th . SystemAdminClient . DemoteUserToGuest ( context . Background ( ) , permissionsUser . Id )
require . NoError ( t , err )
2019-09-18 14:27:32 -04:00
permissionsUser . Roles = "system_guest"
2025-11-12 07:00:51 -05:00
th . LinkUserToTeam ( t , permissionsUser , th . BasicTeam )
th . AddUserToChannel ( t , permissionsUser , th . BasicChannel )
2017-03-13 08:29:41 -04:00
2025-11-12 07:00:51 -05:00
otherUser := th . CreateUser ( t )
th . LinkUserToTeam ( t , otherUser , th . BasicTeam )
2017-03-13 08:29:41 -04:00
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , permissionsUser . Email , permissionsUser . Password )
require . NoError ( t , err )
2017-03-13 08:29:41 -04:00
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . AutocompleteUsersInChannel ( context . Background ( ) , teamId , channelId , "" , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-09-18 14:27:32 -04:00
assert . Len ( t , rusers . OutOfChannel , 1 )
2017-03-13 08:29:41 -04:00
2025-11-12 07:00:51 -05:00
defaultRolePermissions := th . SaveDefaultRolePermissions ( t )
2019-09-18 14:27:32 -04:00
defer func ( ) {
2025-11-12 07:00:51 -05:00
th . RestoreDefaultRolePermissions ( t , defaultRolePermissions )
2019-09-18 14:27:32 -04:00
} ( )
2017-03-13 08:29:41 -04:00
2025-11-12 07:00:51 -05:00
th . RemovePermissionFromRole ( t , model . PermissionViewMembers . Id , model . SystemUserRoleId )
th . RemovePermissionFromRole ( t , model . PermissionViewMembers . Id , model . TeamUserRoleId )
2017-03-13 08:29:41 -04:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . AutocompleteUsersInChannel ( context . Background ( ) , teamId , channelId , "" , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-12-22 06:35:31 -05:00
assert . Empty ( t , rusers . OutOfChannel )
2017-03-13 08:29:41 -04:00
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . GetOrCreateDirectChannel ( th . Context , permissionsUser . Id , otherUser . Id )
require . Nil ( t , appErr )
2017-03-13 08:29:41 -04:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . AutocompleteUsersInChannel ( context . Background ( ) , teamId , channelId , "" , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-09-18 14:27:32 -04:00
assert . Len ( t , rusers . OutOfChannel , 1 )
} )
2017-03-13 08:29:41 -04:00
2019-09-18 14:27:32 -04:00
t . Run ( "user must have access to team id, especially when it does not match channel's team id" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . AutocompleteUsersInChannel ( context . Background ( ) , "otherTeamId" , channelId , username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.context.permissions.app_error" )
2019-09-18 14:27:32 -04:00
} )
}
2017-03-13 08:29:41 -04:00
2019-09-18 14:27:32 -04:00
func TestAutocompleteUsersInTeam ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-09-18 14:27:32 -04:00
teamId := th . BasicTeam . Id
username := th . BasicUser . Username
2025-11-12 07:00:51 -05:00
newUser := th . CreateUser ( t )
2019-09-18 14:27:32 -04:00
tt := [ ] struct {
Name string
TeamId string
Username string
ExpectedResults int
MoreThan bool
} {
{
"specific username" ,
teamId ,
username ,
1 ,
false ,
} ,
{
"not valid username" ,
teamId ,
"amazonses" ,
0 ,
false ,
} ,
{
"all users in team" ,
teamId ,
"" ,
2 ,
true ,
} ,
}
2017-03-13 08:29:41 -04:00
2019-09-18 14:27:32 -04:00
for _ , tc := range tt {
t . Run ( tc . Name , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . AutocompleteUsersInTeam ( context . Background ( ) , tc . TeamId , tc . Username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-09-18 14:27:32 -04:00
if tc . MoreThan {
assert . True ( t , len ( rusers . Users ) >= tc . ExpectedResults )
} else {
assert . Len ( t , rusers . Users , tc . ExpectedResults )
}
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . AutocompleteUsersInTeam ( context . Background ( ) , tc . TeamId , tc . Username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-09-18 14:27:32 -04:00
CheckUnauthorizedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , newUser . Email , newUser . Password )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . AutocompleteUsersInTeam ( context . Background ( ) , tc . TeamId , tc . Username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-09-18 14:27:32 -04:00
CheckForbiddenStatus ( t , resp )
} )
}
2017-03-13 08:29:41 -04:00
2019-09-18 14:27:32 -04:00
t . Run ( "Check against privacy config settings" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . PrivacySettings . ShowFullName = false } )
2017-03-13 08:29:41 -04:00
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . AutocompleteUsersInTeam ( context . Background ( ) , teamId , username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-13 08:29:41 -04:00
2019-09-18 14:27:32 -04:00
assert . Equal ( t , rusers . Users [ 0 ] . FirstName , "" , "should not show first/last name" )
assert . Equal ( t , rusers . Users [ 0 ] . LastName , "" , "should not show first/last name" )
} )
}
2017-03-13 08:29:41 -04:00
2019-09-18 14:27:32 -04:00
func TestAutocompleteUsers ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-09-18 14:27:32 -04:00
username := th . BasicUser . Username
2025-11-12 07:00:51 -05:00
newUser := th . CreateUser ( t )
2019-09-18 14:27:32 -04:00
tt := [ ] struct {
Name string
Username string
ExpectedResults int
MoreThan bool
} {
{
"specific username" ,
username ,
1 ,
false ,
} ,
{
"not valid username" ,
"amazonses" ,
0 ,
false ,
} ,
{
"all users in team" ,
"" ,
2 ,
true ,
} ,
2017-03-13 08:29:41 -04:00
}
2019-09-18 14:27:32 -04:00
for _ , tc := range tt {
t . Run ( tc . Name , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . AutocompleteUsers ( context . Background ( ) , tc . Username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-09-18 14:27:32 -04:00
if tc . MoreThan {
assert . True ( t , len ( rusers . Users ) >= tc . ExpectedResults )
} else {
assert . Len ( t , rusers . Users , tc . ExpectedResults )
}
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . AutocompleteUsers ( context . Background ( ) , tc . Username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-09-18 14:27:32 -04:00
CheckUnauthorizedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , newUser . Email , newUser . Password )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . AutocompleteUsers ( context . Background ( ) , tc . Username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-09-18 14:27:32 -04:00
} )
2017-03-13 08:29:41 -04:00
}
2019-09-18 14:27:32 -04:00
t . Run ( "Check against privacy config settings" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . PrivacySettings . ShowFullName = false } )
2017-03-13 08:29:41 -04:00
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . AutocompleteUsers ( context . Background ( ) , username , model . UserSearchDefaultLimit , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-09-28 10:06:40 -04:00
2019-09-18 14:27:32 -04:00
assert . Equal ( t , rusers . Users [ 0 ] . FirstName , "" , "should not show first/last name" )
assert . Equal ( t , rusers . Users [ 0 ] . LastName , "" , "should not show first/last name" )
2018-09-28 10:06:40 -04:00
} )
2017-03-13 08:29:41 -04:00
}
2017-02-27 09:25:28 -05:00
func TestGetProfileImage ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-03-03 08:19:54 -05:00
// recreate basic user
2025-11-12 07:00:51 -05:00
th . BasicUser = th . CreateUser ( t )
th . LoginBasic ( t )
2017-02-27 09:25:28 -05:00
user := th . BasicUser
2023-06-06 17:29:29 -04:00
data , resp , err := th . Client . GetProfileImage ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . NotEmpty ( t , data , "should not be empty" )
2017-02-27 09:25:28 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , _ = th . Client . GetProfileImage ( context . Background ( ) , user . Id , resp . Etag )
2019-11-15 09:13:32 -05:00
require . NotEqual ( t , http . StatusNotModified , resp . StatusCode , "should not hit etag" )
2017-02-27 09:25:28 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetProfileImage ( context . Background ( ) , "junk" , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-27 09:25:28 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetProfileImage ( context . Background ( ) , model . NewId ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2018-04-13 10:57:22 -04:00
CheckNotFoundStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetProfileImage ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-27 09:25:28 -05:00
CheckUnauthorizedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . GetProfileImage ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-27 09:25:28 -05:00
info := & model . FileInfo { Path : "/users/" + user . Id + "/profile.png" }
2021-08-13 07:12:16 -04:00
err = th . cleanupTestFile ( info )
2019-11-15 09:13:32 -05:00
require . NoError ( t , err )
2017-02-27 09:25:28 -05:00
}
2017-02-03 09:30:57 -05:00
func TestGetUsersByIds ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-10-02 04:50:56 -04:00
2020-07-23 06:53:35 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
t . Run ( "should return the user" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err := client . GetUsersByIds ( context . Background ( ) , [ ] string { th . BasicUser . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-03 09:30:57 -05:00
2020-07-23 06:53:35 -04:00
assert . Equal ( t , th . BasicUser . Id , users [ 0 ] . Id )
CheckUserSanitization ( t , users [ 0 ] )
} )
2017-02-03 09:30:57 -05:00
2020-07-23 06:53:35 -04:00
t . Run ( "should return error when no IDs are specified" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , resp , err := client . GetUsersByIds ( context . Background ( ) , [ ] string { } )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-23 06:53:35 -04:00
CheckBadRequestStatus ( t , resp )
} )
2017-02-03 09:30:57 -05:00
2020-07-23 06:53:35 -04:00
t . Run ( "should not return an error for invalid IDs" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err := client . GetUsersByIds ( context . Background ( ) , [ ] string { "junk" } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
require . Empty ( t , users , "no users should be returned" )
} )
2019-06-27 09:37:03 -04:00
2020-07-23 06:53:35 -04:00
t . Run ( "should still return users for valid IDs when invalid IDs are specified" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err := client . GetUsersByIds ( context . Background ( ) , [ ] string { "junk" , th . BasicUser . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
2020-07-23 06:53:35 -04:00
require . Len ( t , users , 1 , "1 user should be returned" )
} )
2023-08-24 08:14:01 -04:00
t . Run ( "should only return unique users when multiple IDs are requested" , func ( t * testing . T ) {
users , _ , err := client . GetUsersByIds ( context . Background ( ) , [ ] string { th . BasicUser . Id , th . BasicUser . Id , th . BasicUser . Id } )
require . NoError ( t , err )
require . Len ( t , users , 1 , "1 user should be returned" )
} )
2019-06-27 09:37:03 -04:00
} )
t . Run ( "should return error when not logged in" , func ( t * testing . T ) {
2024-11-20 11:28:39 -05:00
_ , err := th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2019-06-27 09:37:03 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUsersByIds ( context . Background ( ) , [ ] string { th . BasicUser . Id } )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-06-27 09:37:03 -04:00
CheckUnauthorizedStatus ( t , resp )
} )
}
func TestGetUsersByIdsWithOptions ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2019-06-27 09:37:03 -04:00
t . Run ( "should only return specified users that have been updated since the given time" , func ( t * testing . T ) {
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2019-06-27 09:37:03 -04:00
// Users before the timestamp shouldn't be returned
2024-07-31 10:27:52 -04:00
user1 , appErr := th . App . CreateUser ( th . Context , & model . User { Email : th . GenerateTestEmail ( ) , Username : model . NewUsername ( ) , Password : model . NewId ( ) } )
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr )
2019-06-27 09:37:03 -04:00
2024-07-31 10:27:52 -04:00
user2 , appErr := th . App . CreateUser ( th . Context , & model . User { Email : th . GenerateTestEmail ( ) , Username : model . NewUsername ( ) , Password : model . NewId ( ) } )
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr )
2019-06-27 09:37:03 -04:00
// Users not in the list of IDs shouldn't be returned
2024-07-31 10:27:52 -04:00
_ , appErr = th . App . CreateUser ( th . Context , & model . User { Email : th . GenerateTestEmail ( ) , Username : model . NewUsername ( ) , Password : model . NewId ( ) } )
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr )
2019-06-27 09:37:03 -04:00
2023-06-06 17:29:29 -04:00
users , _ , err := th . Client . GetUsersByIdsWithOptions ( context . Background ( ) , [ ] string { user1 . Id , user2 . Id } , & model . UserGetByIdsOptions {
2019-06-27 09:37:03 -04:00
Since : user2 . UpdateAt - 1 ,
} )
2021-08-13 07:12:16 -04:00
assert . NoError ( t , err )
2019-06-27 09:37:03 -04:00
assert . Len ( t , users , 1 )
assert . Equal ( t , users [ 0 ] . Id , user2 . Id )
} )
2017-02-03 09:30:57 -05:00
}
2019-06-21 19:14:21 -04:00
func TestGetUsersByGroupChannelIds ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-06-21 19:14:21 -04:00
2022-07-14 05:01:29 -04:00
gc1 , appErr := th . App . CreateGroupChannel ( th . Context , [ ] string { th . BasicUser . Id , th . SystemAdminUser . Id , th . TeamAdminUser . Id } , th . BasicUser . Id )
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr )
2019-06-21 19:14:21 -04:00
2023-06-06 17:29:29 -04:00
usersByChannelId , _ , err := th . Client . GetUsersByGroupChannelIds ( context . Background ( ) , [ ] string { gc1 . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-06-21 19:14:21 -04:00
2019-10-29 02:45:09 -04:00
users , ok := usersByChannelId [ gc1 . Id ]
assert . True ( t , ok )
2019-06-21 19:14:21 -04:00
userIds := [ ] string { }
for _ , user := range users {
userIds = append ( userIds , user . Id )
}
require . ElementsMatch ( t , [ ] string { th . SystemAdminUser . Id , th . TeamAdminUser . Id } , userIds )
2025-11-12 07:00:51 -05:00
th . LoginBasic2 ( t )
2023-06-06 17:29:29 -04:00
usersByChannelId , _ , err = th . Client . GetUsersByGroupChannelIds ( context . Background ( ) , [ ] string { gc1 . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-06-21 19:14:21 -04:00
2019-10-29 02:45:09 -04:00
_ , ok = usersByChannelId [ gc1 . Id ]
2019-06-21 19:14:21 -04:00
require . False ( t , ok )
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUsersByGroupChannelIds ( context . Background ( ) , [ ] string { gc1 . Id } )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-06-21 19:14:21 -04:00
CheckUnauthorizedStatus ( t , resp )
}
2017-04-25 11:00:41 -04:00
func TestGetUsersByUsernames ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-10-02 04:50:56 -04:00
2023-06-06 17:29:29 -04:00
users , _ , err := th . Client . GetUsersByUsernames ( context . Background ( ) , [ ] string { th . BasicUser . Username } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-04-25 11:00:41 -04:00
2019-11-15 09:13:32 -05:00
require . Equal ( t , th . BasicUser . Id , users [ 0 ] . Id )
2017-04-25 11:00:41 -04:00
CheckUserSanitization ( t , users [ 0 ] )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUsersByIds ( context . Background ( ) , [ ] string { } )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-04-25 11:00:41 -04:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . GetUsersByUsernames ( context . Background ( ) , [ ] string { "junk" } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Empty ( t , users , "no users should be returned" )
2017-04-25 11:00:41 -04:00
2023-06-06 17:29:29 -04:00
users , _ , err = th . Client . GetUsersByUsernames ( context . Background ( ) , [ ] string { "junk" , th . BasicUser . Username } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Len ( t , users , 1 , "1 user should be returned" )
2017-04-25 11:00:41 -04:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetUsersByUsernames ( context . Background ( ) , [ ] string { th . BasicUser . Username } )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-04-25 11:00:41 -04:00
CheckUnauthorizedStatus ( t , resp )
}
2018-06-07 12:45:49 -04:00
func TestGetTotalUsersStat ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2018-06-07 12:45:49 -04:00
2022-10-06 04:04:21 -04:00
total , _ := th . Server . Store ( ) . User ( ) . Count ( model . UserCountOptions {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
IncludeDeleted : false ,
IncludeBotAccounts : true ,
} )
2018-06-07 12:45:49 -04:00
2023-06-06 17:29:29 -04:00
rstats , _ , err := th . Client . GetTotalUsersStats ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-06-07 12:45:49 -04:00
2019-11-15 09:13:32 -05:00
require . Equal ( t , total , rstats . TotalUsersCount )
2018-06-07 12:45:49 -04:00
}
2017-01-30 08:30:02 -05:00
func TestUpdateUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2017-01-30 08:30:02 -05:00
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
_ , _ , err := th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2017-01-30 08:30:02 -05:00
user . Nickname = "Joram Wilander"
2021-07-12 14:05:36 -04:00
user . Roles = model . SystemUserRoleId
2017-01-30 08:30:02 -05:00
user . LastPasswordUpdate = 123
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . Client . UpdateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-01-30 08:30:02 -05:00
CheckUserSanitization ( t , ruser )
2019-11-15 09:13:32 -05:00
require . Equal ( t , "Joram Wilander" , ruser . Nickname , "Nickname should update properly" )
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . SystemUserRoleId , ruser . Roles , "Roles should not update" )
2019-11-15 09:13:32 -05:00
require . NotEqual ( t , 123 , ruser . LastPasswordUpdate , "LastPasswordUpdate should not update" )
2017-01-30 08:30:02 -05:00
2019-02-01 18:06:49 -05:00
ruser . Email = th . GenerateTestEmail ( )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . UpdateUser ( context . Background ( ) , ruser )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-02-01 18:06:49 -05:00
CheckBadRequestStatus ( t , resp )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
ruser . Email = th . GenerateTestEmail ( )
2023-06-06 17:29:29 -04:00
_ , _ , err = client . UpdateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
} )
2019-02-01 18:06:49 -05:00
ruser . Password = user . Password
2023-06-06 17:29:29 -04:00
ruser , _ , err = th . Client . UpdateUser ( context . Background ( ) , ruser )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-02-01 18:06:49 -05:00
CheckUserSanitization ( t , ruser )
2017-01-30 08:30:02 -05:00
ruser . Id = "junk"
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . UpdateUser ( context . Background ( ) , ruser )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-01-30 08:30:02 -05:00
CheckBadRequestStatus ( t , resp )
ruser . Id = model . NewId ( )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . UpdateUser ( context . Background ( ) , ruser )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-01-30 08:30:02 -05:00
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
r , err := th . Client . DoAPIPut ( context . Background ( ) , "/users/" + ruser . Id , "garbage" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-11-15 09:13:32 -05:00
require . Equal ( t , http . StatusBadRequest , r . StatusCode )
2017-01-30 08:30:02 -05:00
2019-01-24 15:19:32 -05:00
session , _ := th . App . GetSession ( th . Client . AuthToken )
2017-10-04 11:04:56 -04:00
session . IsOAuth = true
2017-10-26 15:21:22 -04:00
th . App . AddSessionToCache ( session )
2017-10-04 11:04:56 -04:00
ruser . Id = user . Id
2018-01-17 13:38:37 -05:00
ruser . Email = th . GenerateTestEmail ( )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . UpdateUser ( context . Background ( ) , ruser )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-10-04 11:04:56 -04:00
CheckForbiddenStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . UpdateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-01-30 08:30:02 -05:00
CheckUnauthorizedStatus ( t , resp )
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . UpdateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-01-30 08:30:02 -05:00
CheckForbiddenStatus ( t , resp )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
_ , _ , err = client . UpdateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
} )
2017-01-30 08:30:02 -05:00
}
2017-02-01 16:13:16 -05:00
2023-06-22 12:40:21 -04:00
func TestUpdateAdminUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2023-06-22 12:40:21 -04:00
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , user . Id , model . SystemUserRoleId + " " + model . SystemAdminRoleId , false )
require . Nil ( t , appErr )
2023-06-22 12:40:21 -04:00
user . Email = th . GenerateTestEmail ( )
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionEditOtherUsers . Id , model . SystemUserManagerRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr = th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserManagerRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2023-06-22 12:40:21 -04:00
_ , resp , err := th . Client . UpdateUser ( context . Background ( ) , user )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
u2 , _ , err := th . SystemAdminClient . UpdateUser ( context . Background ( ) , user )
require . NoError ( t , err )
require . Equal ( t , user . Email , u2 . Email )
}
2023-07-10 15:28:40 -04:00
func TestUpdateBotUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2023-07-10 15:28:40 -04:00
th . App . UpdateConfig ( func ( c * model . Config ) {
* c . ServiceSettings . EnableBotAccountCreation = true
} )
2025-11-12 07:00:51 -05:00
bot := th . CreateBotWithSystemAdminClient ( t )
2023-07-10 15:28:40 -04:00
botUser , _ , err := th . SystemAdminClient . GetUser ( context . Background ( ) , bot . UserId , "" )
require . NoError ( t , err )
updateUser , _ , err := th . SystemAdminClient . UpdateUser ( context . Background ( ) , botUser )
require . NoError ( t , err )
require . Equal ( t , botUser . Id , updateUser . Id )
_ , resp , err := th . Client . UpdateUser ( context . Background ( ) , botUser )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
}
2017-02-16 09:46:55 -05:00
func TestPatchUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-02-16 09:46:55 -05:00
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
_ , _ , err := th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2017-02-16 09:46:55 -05:00
2021-03-25 06:38:43 -04:00
t . Run ( "Timezone limit error" , func ( t * testing . T ) {
patch := & model . UserPatch { }
patch . Timezone = model . StringMap { }
2021-07-12 14:05:36 -04:00
patch . Timezone [ "manualTimezone" ] = string ( make ( [ ] byte , model . UserTimezoneMaxRunes ) )
2024-11-20 11:28:39 -05:00
var resp * model . Response
var ruser * model . User
ruser , resp , err = th . Client . PatchUser ( context . Background ( ) , user . Id , patch )
2021-03-25 06:38:43 -04:00
CheckBadRequestStatus ( t , resp )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "model.user.is_valid.timezone_limit.app_error" )
2021-03-25 06:38:43 -04:00
require . Nil ( t , ruser )
} )
2017-02-16 09:46:55 -05:00
patch := & model . UserPatch { }
2026-04-08 15:49:43 -04:00
patch . Password = model . NewPointer ( model . NewTestPassword ( ) )
2024-08-05 23:45:00 -04:00
patch . Nickname = model . NewPointer ( "Joram Wilander" )
patch . FirstName = model . NewPointer ( "Joram" )
patch . LastName = model . NewPointer ( "Wilander" )
2017-02-16 09:46:55 -05:00
patch . Position = new ( string )
2017-04-19 15:38:35 -04:00
patch . NotifyProps = model . StringMap { }
patch . NotifyProps [ "comment" ] = "somethingrandom"
2018-03-22 09:53:43 -04:00
patch . Timezone = model . StringMap { }
patch . Timezone [ "useAutomaticTimezone" ] = "true"
patch . Timezone [ "automaticTimezone" ] = "America/New_York"
patch . Timezone [ "manualTimezone" ] = ""
2017-02-16 09:46:55 -05:00
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . Client . PatchUser ( context . Background ( ) , user . Id , patch )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-16 09:46:55 -05:00
CheckUserSanitization ( t , ruser )
2019-11-15 09:13:32 -05:00
require . Equal ( t , "Joram Wilander" , ruser . Nickname , "Nickname should update properly" )
require . Equal ( t , "Joram" , ruser . FirstName , "FirstName should update properly" )
require . Equal ( t , "Wilander" , ruser . LastName , "LastName should update properly" )
require . Empty ( t , ruser . Position , "Position should update properly" )
require . Equal ( t , user . Username , ruser . Username , "Username should not update" )
require . Empty ( t , ruser . Password , "Password should not be returned" )
require . Equal ( t , "somethingrandom" , ruser . NotifyProps [ "comment" ] , "NotifyProps should update properly" )
require . Equal ( t , "true" , ruser . Timezone [ "useAutomaticTimezone" ] , "useAutomaticTimezone should update properly" )
require . Equal ( t , "America/New_York" , ruser . Timezone [ "automaticTimezone" ] , "automaticTimezone should update properly" )
require . Empty ( t , ruser . Timezone [ "manualTimezone" ] , "manualTimezone should update properly" )
2017-02-16 09:46:55 -05:00
2024-10-22 02:51:36 -04:00
appErr := th . App . CheckPasswordAndAllCriteria ( th . Context , user . Id , * patch . Password , "" )
2021-08-13 07:12:16 -04:00
require . NotNil ( t , appErr , "Password should not match" )
2019-02-01 18:06:49 -05:00
currentPassword := user . Password
2021-08-13 07:12:16 -04:00
user , appErr = th . App . GetUser ( ruser . Id )
require . Nil ( t , appErr )
2019-02-01 18:06:49 -05:00
2024-10-22 02:51:36 -04:00
appErr = th . App . CheckPasswordAndAllCriteria ( th . Context , user . Id , currentPassword , "" )
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr , "Password should still match" )
2019-02-01 18:06:49 -05:00
patch = & model . UserPatch { }
2024-08-05 23:45:00 -04:00
patch . Email = model . NewPointer ( th . GenerateTestEmail ( ) )
2019-02-01 18:06:49 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . PatchUser ( context . Background ( ) , user . Id , patch )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-02-01 18:06:49 -05:00
CheckBadRequestStatus ( t , resp )
2024-08-05 23:45:00 -04:00
patch . Password = model . NewPointer ( currentPassword )
2023-06-06 17:29:29 -04:00
ruser , _ , err = th . Client . PatchUser ( context . Background ( ) , user . Id , patch )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-02-01 18:06:49 -05:00
2019-11-15 09:13:32 -05:00
require . Equal ( t , * patch . Email , ruser . Email , "Email should update properly" )
2019-02-01 18:06:49 -05:00
2024-08-05 23:45:00 -04:00
patch . Username = model . NewPointer ( th . BasicUser2 . Username )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . PatchUser ( context . Background ( ) , user . Id , patch )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-04-28 10:11:26 -04:00
CheckBadRequestStatus ( t , resp )
patch . Username = nil
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . PatchUser ( context . Background ( ) , "junk" , patch )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-16 09:46:55 -05:00
CheckBadRequestStatus ( t , resp )
ruser . Id = model . NewId ( )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . PatchUser ( context . Background ( ) , model . NewId ( ) , patch )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-16 09:46:55 -05:00
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
r , err := th . Client . DoAPIPut ( context . Background ( ) , "/users/" + user . Id + "/patch" , "garbage" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-11-15 09:13:32 -05:00
require . Equal ( t , http . StatusBadRequest , r . StatusCode )
2017-02-16 09:46:55 -05:00
2019-01-24 15:19:32 -05:00
session , _ := th . App . GetSession ( th . Client . AuthToken )
2017-10-04 11:04:56 -04:00
session . IsOAuth = true
2017-10-26 15:21:22 -04:00
th . App . AddSessionToCache ( session )
2017-10-04 11:04:56 -04:00
2024-08-05 23:45:00 -04:00
patch . Email = model . NewPointer ( th . GenerateTestEmail ( ) )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . PatchUser ( context . Background ( ) , user . Id , patch )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-10-04 11:04:56 -04:00
CheckForbiddenStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . PatchUser ( context . Background ( ) , user . Id , patch )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-16 09:46:55 -05:00
CheckUnauthorizedStatus ( t , resp )
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . PatchUser ( context . Background ( ) , user . Id , patch )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-16 09:46:55 -05:00
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . PatchUser ( context . Background ( ) , user . Id , patch )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-16 09:46:55 -05:00
}
2023-07-10 15:28:40 -04:00
func TestPatchBotUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2023-07-10 15:28:40 -04:00
th . App . UpdateConfig ( func ( c * model . Config ) {
* c . ServiceSettings . EnableBotAccountCreation = true
} )
2025-11-12 07:00:51 -05:00
bot := th . CreateBotWithSystemAdminClient ( t )
2023-07-10 15:28:40 -04:00
patch := & model . UserPatch { }
2024-08-05 23:45:00 -04:00
patch . Email = model . NewPointer ( "newemail@test.com" )
2023-07-10 15:28:40 -04:00
user , _ , err := th . SystemAdminClient . PatchUser ( context . Background ( ) , bot . UserId , patch )
require . NoError ( t , err )
require . Equal ( t , bot . UserId , user . Id )
_ , resp , err := th . Client . PatchUser ( context . Background ( ) , bot . UserId , patch )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
}
2023-06-22 12:40:21 -04:00
func TestPatchAdminUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2023-06-22 12:40:21 -04:00
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , user . Id , model . SystemUserRoleId + " " + model . SystemAdminRoleId , false )
require . Nil ( t , appErr )
2023-06-22 12:40:21 -04:00
patch := & model . UserPatch { }
2024-08-05 23:45:00 -04:00
patch . Email = model . NewPointer ( th . GenerateTestEmail ( ) )
2023-06-22 12:40:21 -04:00
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionEditOtherUsers . Id , model . SystemUserManagerRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr = th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserManagerRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2023-06-22 12:40:21 -04:00
_ , resp , err := th . Client . PatchUser ( context . Background ( ) , user . Id , patch )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
_ , _ , err = th . SystemAdminClient . PatchUser ( context . Background ( ) , user . Id , patch )
require . NoError ( t , err )
}
2023-07-10 15:28:40 -04:00
2020-04-07 16:56:07 -04:00
func TestUserUnicodeNames ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2021-08-13 07:12:16 -04:00
client := th . Client
2020-04-07 16:56:07 -04:00
t . Run ( "create user unicode" , func ( t * testing . T ) {
user := model . User {
Email : th . GenerateTestEmail ( ) ,
FirstName : "Andrew\u202e" ,
LastName : "\ufeffWiggin" ,
Nickname : "Ender\u2028 Wiggin" ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2020-04-07 16:56:07 -04:00
Username : "\ufeffwiggin77" ,
2025-01-27 13:03:16 -05:00
Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId ,
}
2020-04-07 16:56:07 -04:00
2023-06-06 17:29:29 -04:00
ruser , resp , err := client . CreateUser ( context . Background ( ) , & user )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-04-07 16:56:07 -04:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2020-04-07 16:56:07 -04:00
require . Equal ( t , "wiggin77" , ruser . Username , "Bad Unicode not filtered from username" )
2021-07-12 14:05:36 -04:00
require . Equal ( t , "Andrew Wiggin" , ruser . GetDisplayName ( model . ShowFullName ) , "Bad Unicode not filtered from displayname" )
2020-04-07 16:56:07 -04:00
require . Equal ( t , "Ender Wiggin" , ruser . Nickname , "Bad Unicode not filtered from nickname" )
} )
t . Run ( "update user unicode" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
_ , _ , err := client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2020-04-07 16:56:07 -04:00
user . Username = "wiggin\ufff9"
user . Nickname = "Ender\u0340 \ufffcWiggin"
user . FirstName = "Andrew\ufff9"
user . LastName = "Wig\u206fgin"
2023-06-06 17:29:29 -04:00
ruser , _ , err := client . UpdateUser ( context . Background ( ) , user )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-04-07 16:56:07 -04:00
require . Equal ( t , "wiggin" , ruser . Username , "bad unicode should be filtered from username" )
require . Equal ( t , "Ender Wiggin" , ruser . Nickname , "bad unicode should be filtered from nickname" )
2021-07-12 14:05:36 -04:00
require . Equal ( t , "Andrew Wiggin" , ruser . GetDisplayName ( model . ShowFullName ) , "bad unicode should be filtered from display name" )
2020-04-07 16:56:07 -04:00
} )
t . Run ( "patch user unicode" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
_ , _ , err := client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2020-04-07 16:56:07 -04:00
patch := & model . UserPatch { }
2024-08-05 23:45:00 -04:00
patch . Nickname = model . NewPointer ( "\U000E0000Ender\u206d Wiggin\U000E007F" )
patch . FirstName = model . NewPointer ( "\U0001d173Andrew\U0001d17a" )
patch . LastName = model . NewPointer ( "\u2028Wiggin\u2029" )
2020-04-07 16:56:07 -04:00
2023-06-06 17:29:29 -04:00
ruser , _ , err := client . PatchUser ( context . Background ( ) , user . Id , patch )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-04-07 16:56:07 -04:00
CheckUserSanitization ( t , ruser )
require . Equal ( t , "Ender Wiggin" , ruser . Nickname , "Bad unicode should be filtered from nickname" )
require . Equal ( t , "Andrew" , ruser . FirstName , "Bad unicode should be filtered from first name" )
require . Equal ( t , "Wiggin" , ruser . LastName , "Bad unicode should be filtered from last name" )
2021-07-12 14:05:36 -04:00
require . Equal ( t , "Andrew Wiggin" , ruser . GetDisplayName ( model . ShowFullName ) , "Bad unicode should be filtered from display name" )
2020-04-07 16:56:07 -04:00
} )
}
2018-01-04 12:45:59 -05:00
func TestUpdateUserAuth ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2018-01-04 12:45:59 -05:00
2025-11-12 07:00:51 -05:00
team := th . CreateTeamWithClient ( t , th . SystemAdminClient )
2018-01-04 12:45:59 -05:00
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2018-01-04 12:45:59 -05:00
2025-11-12 07:00:51 -05:00
th . LinkUserToTeam ( t , user , team )
2022-10-06 04:04:21 -04:00
_ , err := th . App . Srv ( ) . Store ( ) . User ( ) . VerifyEmail ( user . Id , user . Email )
2021-02-17 03:52:18 -05:00
require . NoError ( t , err )
2018-01-04 12:45:59 -05:00
userAuth := & model . UserAuth { }
userAuth . AuthData = user . AuthData
userAuth . AuthService = user . AuthService
// Regular user can not use endpoint
2023-06-06 17:29:29 -04:00
_ , respErr , _ := th . SystemAdminClient . UpdateUserAuth ( context . Background ( ) , user . Id , userAuth )
2019-11-15 09:13:32 -05:00
require . NotNil ( t , respErr , "Shouldn't have permissions. Only Admins" )
2018-01-04 12:45:59 -05:00
2024-08-05 23:45:00 -04:00
userAuth . AuthData = model . NewPointer ( "test@test.com" )
2021-07-12 14:05:36 -04:00
userAuth . AuthService = model . UserAuthServiceSaml
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . SystemAdminClient . UpdateUserAuth ( context . Background ( ) , user . Id , userAuth )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-01-04 12:45:59 -05:00
// AuthData and AuthService are set, password is set to empty
2019-11-15 09:13:32 -05:00
require . Equal ( t , * userAuth . AuthData , * ruser . AuthData )
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . UserAuthServiceSaml , ruser . AuthService )
2018-01-04 12:45:59 -05:00
// When AuthData or AuthService are empty, password must be valid
userAuth . AuthData = user . AuthData
userAuth . AuthService = ""
2024-11-20 11:28:39 -05:00
_ , _ , err = th . SystemAdminClient . UpdateUserAuth ( context . Background ( ) , user . Id , userAuth )
require . Error ( t , err )
2018-01-04 12:45:59 -05:00
// Regular user can not use endpoint
2025-11-12 07:00:51 -05:00
user2 := th . CreateUser ( t )
th . LinkUserToTeam ( t , user2 , team )
2022-10-06 04:04:21 -04:00
_ , err = th . App . Srv ( ) . Store ( ) . User ( ) . VerifyEmail ( user2 . Id , user2 . Email )
2021-02-17 03:52:18 -05:00
require . NoError ( t , err )
2018-01-04 12:45:59 -05:00
2026-04-08 15:49:43 -04:00
_ , _ , err = th . SystemAdminClient . Login ( context . Background ( ) , user2 . Email , user2 . Password )
2024-11-20 11:28:39 -05:00
require . NoError ( t , err )
2018-01-04 12:45:59 -05:00
userAuth . AuthData = user . AuthData
userAuth . AuthService = user . AuthService
2024-11-20 11:28:39 -05:00
_ , _ , err = th . SystemAdminClient . UpdateUserAuth ( context . Background ( ) , user . Id , userAuth )
require . Error ( t , err , "Should have errored" )
2018-01-04 12:45:59 -05:00
}
2017-02-05 12:20:17 -05:00
func TestDeleteUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-10-02 04:50:56 -04:00
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
resp , err := th . Client . DeleteUser ( context . Background ( ) , th . SystemAdminUser . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-05 12:20:17 -05:00
CheckForbiddenStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . DeleteUser ( context . Background ( ) , th . BasicUser . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-05 12:20:17 -05:00
CheckUnauthorizedStatus ( t , resp )
2020-07-22 08:02:23 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , c * model . Client4 ) {
2023-06-06 17:29:29 -04:00
resp , err = c . DeleteUser ( context . Background ( ) , model . NewId ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-22 08:02:23 -04:00
CheckNotFoundStatus ( t , resp )
2017-02-05 12:20:17 -05:00
2023-06-06 17:29:29 -04:00
resp , err = c . DeleteUser ( context . Background ( ) , "junk" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-22 08:02:23 -04:00
CheckBadRequestStatus ( t , resp )
2017-02-05 12:20:17 -05:00
2025-11-12 07:00:51 -05:00
userToDelete := th . CreateUser ( t )
2023-06-06 17:29:29 -04:00
_ , err = c . DeleteUser ( context . Background ( ) , userToDelete . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-22 08:02:23 -04:00
} )
2019-02-20 10:56:26 -05:00
2025-11-12 07:00:51 -05:00
selfDeleteUser := th . CreateUser ( t )
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . DeleteUser ( context . Background ( ) , selfDeleteUser . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-22 08:02:23 -04:00
CheckForbiddenStatus ( t , resp )
2019-02-20 10:56:26 -05:00
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , selfDeleteUser . Email , selfDeleteUser . Password )
require . NoError ( t , err )
2019-03-04 09:27:59 -05:00
th . App . UpdateConfig ( func ( c * model . Config ) {
2019-02-20 10:56:26 -05:00
* c . TeamSettings . EnableUserDeactivation = false
} )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . DeleteUser ( context . Background ( ) , selfDeleteUser . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-02-20 10:56:26 -05:00
CheckUnauthorizedStatus ( t , resp )
2019-03-04 09:27:59 -05:00
th . App . UpdateConfig ( func ( c * model . Config ) {
2019-02-20 10:56:26 -05:00
* c . TeamSettings . EnableUserDeactivation = true
} )
2023-06-06 17:29:29 -04:00
_ , err = th . Client . DeleteUser ( context . Background ( ) , selfDeleteUser . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-05 12:20:17 -05:00
}
2023-07-10 15:28:40 -04:00
func TestDeleteBotUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2023-07-10 15:28:40 -04:00
th . App . UpdateConfig ( func ( c * model . Config ) {
* c . ServiceSettings . EnableBotAccountCreation = true
} )
2025-11-12 07:00:51 -05:00
bot := th . CreateBotWithSystemAdminClient ( t )
2023-07-10 15:28:40 -04:00
_ , err := th . Client . DeleteUser ( context . Background ( ) , bot . UserId )
require . Error ( t , err )
2023-12-11 04:27:51 -05:00
require . Equal ( t , err . Error ( ) , "You do not have the appropriate permissions." )
2023-07-10 15:28:40 -04:00
}
2020-07-22 08:02:23 -04:00
func TestPermanentDeleteUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-07-22 08:02:23 -04:00
enableAPIUserDeletion := * th . App . Config ( ) . ServiceSettings . EnableAPIUserDeletion
defer func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { cfg . ServiceSettings . EnableAPIUserDeletion = & enableAPIUserDeletion } )
} ( )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableAPIUserDeletion = false } )
2025-11-12 07:00:51 -05:00
userToDelete := th . CreateUser ( t )
2020-07-22 08:02:23 -04:00
t . Run ( "Permanent deletion not available through API if EnableAPIUserDeletion is not set" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
resp , err := th . SystemAdminClient . PermanentDeleteUser ( context . Background ( ) , userToDelete . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-22 08:02:23 -04:00
CheckUnauthorizedStatus ( t , resp )
} )
t . Run ( "Permanent deletion available through local mode even if EnableAPIUserDeletion is not set" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , err := th . LocalClient . PermanentDeleteUser ( context . Background ( ) , userToDelete . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-22 08:02:23 -04:00
} )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableAPIUserDeletion = true } )
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , c * model . Client4 ) {
2025-11-12 07:00:51 -05:00
userToDelete = th . CreateUser ( t )
2023-06-06 17:29:29 -04:00
_ , err := c . PermanentDeleteUser ( context . Background ( ) , userToDelete . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-22 08:02:23 -04:00
2021-08-13 07:12:16 -04:00
_ , appErr := th . App . GetTeam ( userToDelete . Id )
assert . NotNil ( t , appErr )
2020-07-22 08:02:23 -04:00
2023-06-06 17:29:29 -04:00
resp , err := c . PermanentDeleteUser ( context . Background ( ) , "junk" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-22 08:02:23 -04:00
CheckBadRequestStatus ( t , resp )
} , "Permanent deletion with EnableAPIUserDeletion set" )
}
2020-06-27 17:00:01 -04:00
func TestPermanentDeleteAllUsers ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-06-27 17:00:01 -04:00
t . Run ( "The endpoint should not be available for neither normal nor sysadmin users" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
resp , err := th . Client . PermanentDeleteAllUsers ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-27 17:00:01 -04:00
CheckNotFoundStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . SystemAdminClient . PermanentDeleteAllUsers ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-27 17:00:01 -04:00
CheckNotFoundStatus ( t , resp )
} )
t . Run ( "The endpoint should permanently delete all users" , func ( t * testing . T ) {
// Basic user creates a team and a channel
2021-08-13 07:12:16 -04:00
team , appErr := th . App . CreateTeamWithUser ( th . Context , & model . Team {
2020-06-27 17:00:01 -04:00
DisplayName : "User Created Team" ,
Name : "user-created-team" ,
Email : "usercreatedteam@test.com" ,
2021-07-12 14:05:36 -04:00
Type : model . TeamOpen ,
2020-06-27 17:00:01 -04:00
} , th . BasicUser . Id )
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr )
2020-06-27 17:00:01 -04:00
2021-08-13 07:12:16 -04:00
channel , appErr := th . App . CreateChannelWithUser ( th . Context , & model . Channel {
2020-06-27 17:00:01 -04:00
DisplayName : "User Created Channel" ,
Name : "user-created-channel" ,
2021-07-12 14:05:36 -04:00
Type : model . ChannelTypeOpen ,
2020-06-27 17:00:01 -04:00
TeamId : team . Id ,
} , th . BasicUser . Id )
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr )
2020-06-27 17:00:01 -04:00
// Check that we have users and posts in the database
2022-10-06 04:04:21 -04:00
users , err := th . App . Srv ( ) . Store ( ) . User ( ) . GetAll ( )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-27 17:00:01 -04:00
require . Greater ( t , len ( users ) , 0 )
2025-02-04 11:24:01 -05:00
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Post ( ) . RefreshPostStats ( ) )
2022-10-06 04:04:21 -04:00
postCount , err := th . App . Srv ( ) . Store ( ) . Post ( ) . AnalyticsPostCount ( & model . PostCountOptions { } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-27 17:00:01 -04:00
require . Greater ( t , postCount , int64 ( 0 ) )
// Delete all users and their posts
2023-06-06 17:29:29 -04:00
_ , err = th . LocalClient . PermanentDeleteAllUsers ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-27 17:00:01 -04:00
// Check that both user and post tables are empty
2022-10-06 04:04:21 -04:00
users , err = th . App . Srv ( ) . Store ( ) . User ( ) . GetAll ( )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-27 17:00:01 -04:00
require . Len ( t , users , 0 )
2025-02-04 11:24:01 -05:00
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Post ( ) . RefreshPostStats ( ) )
2022-10-06 04:04:21 -04:00
postCount , err = th . App . Srv ( ) . Store ( ) . Post ( ) . AnalyticsPostCount ( & model . PostCountOptions { } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-27 17:00:01 -04:00
require . Equal ( t , postCount , int64 ( 0 ) )
// Check that the channel and team created by the user were not deleted
2021-08-13 07:12:16 -04:00
rTeam , appErr := th . App . GetTeam ( team . Id )
require . Nil ( t , appErr )
2020-06-27 17:00:01 -04:00
require . NotNil ( t , rTeam )
2022-07-14 05:01:29 -04:00
rChannel , appErr := th . App . GetChannel ( th . Context , channel . Id )
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr )
2020-06-27 17:00:01 -04:00
require . NotNil ( t , rChannel )
} )
}
2017-02-01 16:13:16 -05:00
func TestUpdateUserRoles ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-10-02 04:50:56 -04:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . UpdateUserRoles ( context . Background ( ) , th . SystemAdminUser . Id , model . SystemUserRoleId )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-01 16:13:16 -05:00
CheckForbiddenStatus ( t , resp )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
_ , err = client . UpdateUserRoles ( context . Background ( ) , th . BasicUser . Id , model . SystemUserRoleId )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-01 16:13:16 -05:00
2023-06-06 17:29:29 -04:00
_ , err = client . UpdateUserRoles ( context . Background ( ) , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemAdminRoleId )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-01 16:13:16 -05:00
2023-06-06 17:29:29 -04:00
resp , err = client . UpdateUserRoles ( context . Background ( ) , th . BasicUser . Id , "junk" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-12 02:35:09 -04:00
CheckBadRequestStatus ( t , resp )
2017-02-01 16:13:16 -05:00
2023-06-06 17:29:29 -04:00
resp , err = client . UpdateUserRoles ( context . Background ( ) , "junk" , model . SystemUserRoleId )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-12 02:35:09 -04:00
CheckBadRequestStatus ( t , resp )
2017-02-01 16:13:16 -05:00
2023-06-06 17:29:29 -04:00
resp , err = client . UpdateUserRoles ( context . Background ( ) , model . NewId ( ) , model . SystemUserRoleId )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-12 02:35:09 -04:00
CheckBadRequestStatus ( t , resp )
} )
2017-02-01 16:13:16 -05:00
}
2017-02-03 15:17:34 -05:00
2023-11-22 05:09:48 -05:00
func assertExpectedWebsocketEvent ( t * testing . T , client * model . WebSocketClient , event model . WebsocketEventType , test func ( * model . WebSocketEvent ) ) {
2018-06-08 11:04:17 -04:00
for {
select {
case resp , ok := <- client . EventChannel :
2023-11-22 05:09:48 -05:00
require . Truef ( t , ok , "channel closed before receiving expected event %s" , string ( event ) )
2020-04-21 05:11:25 -04:00
if resp . EventType ( ) == event {
2018-06-08 11:04:17 -04:00
test ( resp )
return
}
case <- time . After ( 5 * time . Second ) :
2023-11-22 05:09:48 -05:00
require . Failf ( t , "failed to receive expected event %s" , string ( event ) )
2018-06-08 11:04:17 -04:00
}
}
}
func assertWebsocketEventUserUpdatedWithEmail ( t * testing . T , client * model . WebSocketClient , email string ) {
2021-07-12 14:05:36 -04:00
assertExpectedWebsocketEvent ( t , client , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
2020-01-16 03:18:08 -05:00
eventUser , ok := event . GetData ( ) [ "user" ] . ( * model . User )
2019-11-15 09:13:32 -05:00
require . True ( t , ok , "expected user" )
2020-01-16 03:18:08 -05:00
assert . Equal ( t , email , eventUser . Email )
2018-06-08 11:04:17 -04:00
} )
}
2017-04-17 11:06:33 -04:00
func TestUpdateUserActive ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2018-06-08 11:04:17 -04:00
t . Run ( "basic tests" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-10-02 04:50:56 -04:00
2018-06-08 11:04:17 -04:00
user := th . BasicUser
2017-04-17 11:06:33 -04:00
2018-06-08 11:04:17 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableUserDeactivation = true } )
2023-06-06 17:29:29 -04:00
_ , err := th . Client . UpdateUserActive ( context . Background ( ) , user . Id , false )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-04-17 11:06:33 -04:00
2018-06-08 11:04:17 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableUserDeactivation = false } )
2023-06-06 17:29:29 -04:00
resp , err := th . Client . UpdateUserActive ( context . Background ( ) , user . Id , false )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2018-06-08 11:04:17 -04:00
CheckUnauthorizedStatus ( t , resp )
2018-05-28 10:20:08 -04:00
2018-06-08 11:04:17 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableUserDeactivation = true } )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateUserActive ( context . Background ( ) , user . Id , false )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2018-06-08 11:04:17 -04:00
CheckUnauthorizedStatus ( t , resp )
2017-04-17 11:06:33 -04:00
2025-11-12 07:00:51 -05:00
th . LoginBasic2 ( t )
2017-04-17 11:06:33 -04:00
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateUserActive ( context . Background ( ) , user . Id , true )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2018-06-08 11:04:17 -04:00
CheckForbiddenStatus ( t , resp )
2017-04-17 11:06:33 -04:00
2023-12-20 00:46:54 -05:00
resp , err = th . Client . UpdateUserActive ( context . Background ( ) , GenerateTestID ( ) , true )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2018-06-08 11:04:17 -04:00
CheckForbiddenStatus ( t , resp )
2017-04-17 11:06:33 -04:00
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateUserActive ( context . Background ( ) , "junk" , true )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2018-06-08 11:04:17 -04:00
CheckBadRequestStatus ( t , resp )
2017-04-17 11:06:33 -04:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2017-04-17 11:06:33 -04:00
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateUserActive ( context . Background ( ) , user . Id , true )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2018-06-08 11:04:17 -04:00
CheckUnauthorizedStatus ( t , resp )
2017-04-17 11:06:33 -04:00
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
_ , err = client . UpdateUserActive ( context . Background ( ) , user . Id , true )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-04-17 11:06:33 -04:00
2023-06-06 17:29:29 -04:00
_ , err = client . UpdateUserActive ( context . Background ( ) , user . Id , false )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-12-08 14:14:55 -05:00
2020-06-12 02:35:09 -04:00
authData := model . NewId ( )
2022-10-06 04:04:21 -04:00
_ , err := th . App . Srv ( ) . Store ( ) . User ( ) . UpdateAuthData ( user . Id , "random" , & authData , "" , true )
2021-02-17 03:52:18 -05:00
require . NoError ( t , err )
2017-12-08 14:14:55 -05:00
2023-06-06 17:29:29 -04:00
_ , err = client . UpdateUserActive ( context . Background ( ) , user . Id , false )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
} )
2018-06-08 11:04:17 -04:00
} )
t . Run ( "websocket events" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2018-06-08 11:04:17 -04:00
user := th . BasicUser2
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . TeamSettings . EnableUserDeactivation = true } )
2025-01-29 08:58:43 -05:00
webSocketClient := th . CreateConnectedWebSocketClient ( t )
2018-06-08 11:04:17 -04:00
2019-11-15 09:13:32 -05:00
resp := <- webSocketClient . ResponseChannel
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . StatusOk , resp . Status )
2018-06-08 11:04:17 -04:00
2025-01-29 08:58:43 -05:00
adminWebSocketClient := th . CreateConnectedWebSocketClientWithClient ( t , th . SystemAdminClient )
2018-06-08 11:04:17 -04:00
2020-06-12 02:35:09 -04:00
// Verify that both admins and regular users see the email when privacy settings allow same,
// and confirm event is fired for SystemAdmin and Local mode
2019-01-31 08:12:01 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . PrivacySettings . ShowEmailAddress = true } )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
_ , err := client . UpdateUserActive ( context . Background ( ) , user . Id , false )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-06-08 11:04:17 -04:00
2020-06-12 02:35:09 -04:00
assertWebsocketEventUserUpdatedWithEmail ( t , webSocketClient , user . Email )
assertWebsocketEventUserUpdatedWithEmail ( t , adminWebSocketClient , user . Email )
} )
2018-06-08 11:04:17 -04:00
2020-06-12 02:35:09 -04:00
// Verify that only admins see the email when privacy settings hide emails,
// and confirm event is fired for SystemAdmin and Local mode
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . PrivacySettings . ShowEmailAddress = false } )
2023-06-06 17:29:29 -04:00
_ , err := client . UpdateUserActive ( context . Background ( ) , user . Id , true )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-06-08 11:04:17 -04:00
2020-06-12 02:35:09 -04:00
assertWebsocketEventUserUpdatedWithEmail ( t , webSocketClient , "" )
assertWebsocketEventUserUpdatedWithEmail ( t , adminWebSocketClient , user . Email )
} )
2018-06-08 11:04:17 -04:00
} )
2019-11-15 09:43:52 -05:00
t . Run ( "activate guest should fail when guests feature is disable" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-11-15 09:43:52 -05:00
id := model . NewId ( )
guest := & model . User {
Email : "success+" + id + "@simulator.amazonses.com" ,
Username : "un_" + id ,
Nickname : "nn_" + id ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2019-11-15 09:43:52 -05:00
EmailVerified : true ,
}
2021-05-11 06:00:44 -04:00
user , err := th . App . CreateGuest ( th . Context , guest )
2019-11-15 09:43:52 -05:00
require . Nil ( t , err )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateActive ( th . Context , user , false )
require . Nil ( t , appErr )
2019-11-15 09:43:52 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GuestAccountsSettings . Enable = false } )
defer th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GuestAccountsSettings . Enable = true } )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
resp , err := client . UpdateUserActive ( context . Background ( ) , user . Id , true )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-12 02:35:09 -04:00
CheckUnauthorizedStatus ( t , resp )
} )
2019-11-15 09:43:52 -05:00
} )
t . Run ( "activate guest should work when guests feature is enabled" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-11-15 09:43:52 -05:00
id := model . NewId ( )
guest := & model . User {
Email : "success+" + id + "@simulator.amazonses.com" ,
Username : "un_" + id ,
Nickname : "nn_" + id ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2019-11-15 09:43:52 -05:00
EmailVerified : true ,
}
2021-08-13 07:12:16 -04:00
user , appErr := th . App . CreateGuest ( th . Context , guest )
require . Nil ( t , appErr )
2024-11-20 11:28:39 -05:00
_ , appErr = th . App . UpdateActive ( th . Context , user , false )
require . Nil ( t , appErr )
2019-11-15 09:43:52 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GuestAccountsSettings . Enable = true } )
2020-06-12 02:35:09 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
_ , err := client . UpdateUserActive ( context . Background ( ) , user . Id , true )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
} )
2019-11-15 09:43:52 -05:00
} )
2024-10-09 12:59:53 -04:00
t . Run ( "update active status of LDAP user should fail" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-10-09 12:59:53 -04:00
ldapUser := & model . User {
Email : "ldapuser@mattermost-customer.com" ,
Username : "ldapuser" ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2024-10-09 12:59:53 -04:00
AuthService : model . UserAuthServiceLdap ,
EmailVerified : true ,
}
user , appErr := th . App . CreateUser ( th . Context , ldapUser )
require . Nil ( t , appErr )
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
resp , err := client . UpdateUserActive ( context . Background ( ) , user . Id , false )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
resp , err = client . UpdateUserActive ( context . Background ( ) , user . Id , true )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
} )
2017-04-17 11:06:33 -04:00
}
2017-02-03 15:17:34 -05:00
func TestGetUsers ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2017-02-03 15:17:34 -05:00
2020-07-23 06:53:35 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
rusers , _ , err := client . GetUsers ( context . Background ( ) , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
for _ , u := range rusers {
CheckUserSanitization ( t , u )
}
2017-02-03 15:17:34 -05:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = client . GetUsers ( context . Background ( ) , 0 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
require . Len ( t , rusers , 1 , "should be 1 per page" )
2017-02-03 15:17:34 -05:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = client . GetUsers ( context . Background ( ) , 1 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
require . Len ( t , rusers , 1 , "should be 1 per page" )
2017-02-03 15:17:34 -05:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = client . GetUsers ( context . Background ( ) , 10000 , 100 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-23 06:53:35 -04:00
require . Empty ( t , rusers , "should be no users" )
2017-02-03 15:17:34 -05:00
2020-07-23 06:53:35 -04:00
// Check default params for page and per_page
2023-06-06 17:29:29 -04:00
_ , err = client . DoAPIGet ( context . Background ( ) , "/users" , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2022-12-09 01:13:13 -05:00
// Check role params validity
2023-06-06 17:29:29 -04:00
_ , _ , err = client . GetUsersWithCustomQueryParameters ( context . Background ( ) , 0 , 5 , "in_channel=random_channel_id&channel_roles=random_role_doesnt_exist" , "" )
2022-12-09 01:13:13 -05:00
require . Error ( t , err )
2023-12-11 04:27:51 -05:00
require . Equal ( t , err . Error ( ) , "Invalid or missing channelRoles in request body." )
2023-06-06 17:29:29 -04:00
_ , _ , err = client . GetUsersWithCustomQueryParameters ( context . Background ( ) , 0 , 5 , "in_team=random_channel_id&team_roles=random_role_doesnt_exist" , "" )
2022-12-09 01:13:13 -05:00
require . Error ( t , err )
2023-12-11 04:27:51 -05:00
require . Equal ( t , err . Error ( ) , "Invalid or missing teamRoles in request body." )
2023-06-06 17:29:29 -04:00
_ , _ , err = client . GetUsersWithCustomQueryParameters ( context . Background ( ) , 0 , 5 , "roles=random_role_doesnt_exist%2Csystem_user" , "" )
2022-12-09 01:13:13 -05:00
require . Error ( t , err )
2023-12-11 04:27:51 -05:00
require . Equal ( t , err . Error ( ) , "Invalid or missing roles in request body." )
2023-06-06 17:29:29 -04:00
_ , _ , err = client . GetUsersWithCustomQueryParameters ( context . Background ( ) , 0 , 5 , "role=random_role_doesnt_exist" , "" )
2022-12-09 01:13:13 -05:00
require . Error ( t , err )
2023-12-11 04:27:51 -05:00
require . Equal ( t , err . Error ( ) , "Invalid or missing role in request body." )
2020-07-23 06:53:35 -04:00
} )
2017-02-03 15:17:34 -05:00
2025-06-19 05:52:16 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , c * model . Client4 ) {
user := & model . User {
Email : th . GenerateTestEmail ( ) ,
Username : GenerateTestUsername ( ) ,
AuthService : model . UserAuthServiceLdap ,
AuthData : model . NewPointer ( model . NewId ( ) ) ,
}
u , resp , err := c . CreateUser ( context . Background ( ) , user )
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
require . NotNil ( t , u )
u , resp , err = c . GetUser ( context . Background ( ) , u . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . NotNil ( t , u )
assert . Equal ( t , user . AuthService , u . AuthService )
assert . Equal ( t , user . AuthData , u . AuthData )
} , "AuthData is returned for admins" )
2024-11-20 11:28:39 -05:00
_ , err := th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUsers ( context . Background ( ) , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-03 15:17:34 -05:00
CheckUnauthorizedStatus ( t , resp )
}
2017-06-30 12:07:23 -04:00
func TestGetNewUsersInTeam ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-06-30 12:07:23 -04:00
teamId := th . BasicTeam . Id
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . GetNewUsersInTeam ( context . Background ( ) , teamId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-06-30 12:07:23 -04:00
lastCreateAt := model . GetMillis ( )
for _ , u := range rusers {
2019-11-15 09:13:32 -05:00
require . LessOrEqual ( t , u . CreateAt , lastCreateAt , "right sorting" )
2017-06-30 12:07:23 -04:00
lastCreateAt = u . CreateAt
CheckUserSanitization ( t , u )
}
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetNewUsersInTeam ( context . Background ( ) , teamId , 1 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Len ( t , rusers , 1 , "should be 1 per page" )
2017-06-30 12:07:23 -04:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetNewUsersInTeam ( context . Background ( ) , teamId , 1 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-06-30 12:07:23 -04:00
CheckUnauthorizedStatus ( t , resp )
}
func TestGetRecentlyActiveUsersInTeam ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-06-30 12:07:23 -04:00
teamId := th . BasicTeam . Id
2018-07-16 15:49:26 -04:00
th . App . SetStatusOnline ( th . BasicUser . Id , true )
2017-06-30 12:07:23 -04:00
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . GetRecentlyActiveUsersInTeam ( context . Background ( ) , teamId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-06-30 12:07:23 -04:00
for _ , u := range rusers {
2019-11-15 09:13:32 -05:00
require . NotZero ( t , u . LastActivityAt , "should return last activity at" )
2017-06-30 12:07:23 -04:00
CheckUserSanitization ( t , u )
}
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetRecentlyActiveUsersInTeam ( context . Background ( ) , teamId , 0 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Len ( t , rusers , 1 , "should be 1 per page" )
2017-06-30 12:07:23 -04:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetRecentlyActiveUsersInTeam ( context . Background ( ) , teamId , 0 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-06-30 12:07:23 -04:00
CheckUnauthorizedStatus ( t , resp )
}
2020-06-29 15:52:46 -04:00
func TestGetActiveUsersInTeam ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-06-29 15:52:46 -04:00
teamId := th . BasicTeam . Id
2024-11-20 11:28:39 -05:00
_ , err := th . SystemAdminClient . UpdateUserActive ( context . Background ( ) , th . BasicUser2 . Id , false )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . GetActiveUsersInTeam ( context . Background ( ) , teamId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-29 15:52:46 -04:00
require . NotZero ( t , len ( rusers ) )
for _ , u := range rusers {
require . Zero ( t , u . DeleteAt , "should not be deleted" )
require . NotEqual ( t , th . BasicUser2 . Id , "should not include deactivated user" )
CheckUserSanitization ( t , u )
}
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetActiveUsersInTeam ( context . Background ( ) , teamId , 0 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-29 15:52:46 -04:00
require . Len ( t , rusers , 1 , "should be 1 per page" )
// Check case where we have supplied both active and inactive flags
2023-06-06 17:29:29 -04:00
_ , err = th . Client . DoAPIGet ( context . Background ( ) , "/users?inactive=true&active=true" , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-29 15:52:46 -04:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetActiveUsersInTeam ( context . Background ( ) , teamId , 0 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-29 15:52:46 -04:00
CheckUnauthorizedStatus ( t , resp )
}
2017-03-29 21:11:40 -04:00
func TestGetUsersWithoutTeam ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-03-29 21:11:40 -04:00
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . GetUsersWithoutTeam ( context . Background ( ) , 0 , 100 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err , "should prevent non-admin user from getting users without a team" )
2017-03-29 21:11:40 -04:00
// These usernames need to appear in the first 100 users for this to work
2023-06-06 17:29:29 -04:00
user , _ , err := th . Client . CreateUser ( context . Background ( ) , & model . User {
2017-03-29 21:11:40 -04:00
Username : "a000000000" + model . NewId ( ) ,
Email : "success+" + model . NewId ( ) + "@simulator.amazonses.com" ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2017-03-29 21:11:40 -04:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2025-11-12 07:00:51 -05:00
th . LinkUserToTeam ( t , user , th . BasicTeam )
2024-11-20 11:28:39 -05:00
defer func ( ) {
err = th . App . Srv ( ) . Store ( ) . User ( ) . PermanentDelete ( th . Context , user . Id )
require . NoError ( t , err )
} ( )
2017-03-29 21:11:40 -04:00
2023-06-06 17:29:29 -04:00
user2 , _ , err := th . Client . CreateUser ( context . Background ( ) , & model . User {
2017-03-29 21:11:40 -04:00
Username : "a000000001" + model . NewId ( ) ,
Email : "success+" + model . NewId ( ) + "@simulator.amazonses.com" ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2017-03-29 21:11:40 -04:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2024-11-20 11:28:39 -05:00
defer func ( ) {
err = th . App . Srv ( ) . Store ( ) . User ( ) . PermanentDelete ( th . Context , user2 . Id )
require . NoError ( t , err )
} ( )
2017-03-29 21:11:40 -04:00
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . SystemAdminClient . GetUsersWithoutTeam ( context . Background ( ) , 0 , 100 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-29 21:11:40 -04:00
found1 := false
found2 := false
for _ , u := range rusers {
if u . Id == user . Id {
found1 = true
} else if u . Id == user2 . Id {
found2 = true
}
}
2019-11-15 09:13:32 -05:00
require . False ( t , found1 , "should not return user that as a team" )
require . True ( t , found2 , "should return user that has no teams" )
2017-03-29 21:11:40 -04:00
}
2017-02-03 15:17:34 -05:00
func TestGetUsersInTeam ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-02-03 15:17:34 -05:00
teamId := th . BasicTeam . Id
2023-06-06 17:29:29 -04:00
rusers , resp , err := th . Client . GetUsersInTeam ( context . Background ( ) , teamId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-03 15:17:34 -05:00
for _ , u := range rusers {
CheckUserSanitization ( t , u )
}
2023-06-06 17:29:29 -04:00
rusers , resp , _ = th . Client . GetUsersInTeam ( context . Background ( ) , teamId , 0 , 60 , resp . Etag )
2017-02-03 15:17:34 -05:00
CheckEtag ( t , rusers , resp )
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetUsersInTeam ( context . Background ( ) , teamId , 0 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Len ( t , rusers , 1 , "should be 1 per page" )
2017-02-03 15:17:34 -05:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetUsersInTeam ( context . Background ( ) , teamId , 1 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Len ( t , rusers , 1 , "should be 1 per page" )
2017-02-03 15:17:34 -05:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetUsersInTeam ( context . Background ( ) , teamId , 10000 , 100 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Empty ( t , rusers , "should be no users" )
2017-02-03 15:17:34 -05:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetUsersInTeam ( context . Background ( ) , teamId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-03 15:17:34 -05:00
CheckUnauthorizedStatus ( t , resp )
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetUsersInTeam ( context . Background ( ) , teamId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-03 15:17:34 -05:00
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . GetUsersInTeam ( context . Background ( ) , teamId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-03 15:17:34 -05:00
}
2017-03-29 21:10:51 -04:00
func TestGetUsersNotInTeam ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t ) . DeleteBots ( t )
2017-03-29 21:10:51 -04:00
teamId := th . BasicTeam . Id
2023-06-06 17:29:29 -04:00
rusers , resp , err := th . Client . GetUsersNotInTeam ( context . Background ( ) , teamId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-29 21:10:51 -04:00
for _ , u := range rusers {
CheckUserSanitization ( t , u )
}
2021-01-12 14:45:17 -05:00
require . Len ( t , rusers , 2 , "should be 2 users in total" )
2017-03-29 21:10:51 -04:00
2023-06-06 17:29:29 -04:00
rusers , resp , _ = th . Client . GetUsersNotInTeam ( context . Background ( ) , teamId , 0 , 60 , resp . Etag )
2017-03-29 21:10:51 -04:00
CheckEtag ( t , rusers , resp )
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetUsersNotInTeam ( context . Background ( ) , teamId , 0 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-11-20 20:16:25 -05:00
require . Len ( t , rusers , 1 , "should be 1 per page" )
2017-03-29 21:10:51 -04:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetUsersNotInTeam ( context . Background ( ) , teamId , 2 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-12-22 06:35:31 -05:00
require . Empty ( t , rusers , "should be no users" )
2017-03-29 21:10:51 -04:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetUsersNotInTeam ( context . Background ( ) , teamId , 10000 , 100 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-12-22 06:35:31 -05:00
require . Empty ( t , rusers , "should be no users" )
2017-03-29 21:10:51 -04:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetUsersNotInTeam ( context . Background ( ) , teamId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-29 21:10:51 -04:00
CheckUnauthorizedStatus ( t , resp )
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetUsersNotInTeam ( context . Background ( ) , teamId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-29 21:10:51 -04:00
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . GetUsersNotInTeam ( context . Background ( ) , teamId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-29 21:10:51 -04:00
}
2017-02-03 15:17:34 -05:00
func TestGetUsersInChannel ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-02-03 15:17:34 -05:00
channelId := th . BasicChannel . Id
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . GetUsersInChannel ( context . Background ( ) , channelId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-03 15:17:34 -05:00
for _ , u := range rusers {
CheckUserSanitization ( t , u )
}
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetUsersInChannel ( context . Background ( ) , channelId , 0 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Len ( t , rusers , 1 , "should be 1 per page" )
2017-02-03 15:17:34 -05:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetUsersInChannel ( context . Background ( ) , channelId , 1 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Len ( t , rusers , 1 , "should be 1 per page" )
2017-02-03 15:17:34 -05:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetUsersInChannel ( context . Background ( ) , channelId , 10000 , 100 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-12-22 06:35:31 -05:00
require . Empty ( t , rusers , "should be no users" )
2017-02-03 15:17:34 -05:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUsersInChannel ( context . Background ( ) , channelId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-03 15:17:34 -05:00
CheckUnauthorizedStatus ( t , resp )
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetUsersInChannel ( context . Background ( ) , channelId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-03 15:17:34 -05:00
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . GetUsersInChannel ( context . Background ( ) , channelId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-11-25 09:01:17 -05:00
MM-63240: Always allow viewing archived channels (#32162)
* server: allow access to channel bookmarks in an archived channel
* server: allow access to posts in archived channels
* server: allow accessing channel members for archived channels
* server: allow autocompleting/searching archived channels
* server: allow access to files from archived channels
* server: fix access issue on database error
* server: allow access to archived channels
* server: remove TeamSettings.ExperimentalViewArchivedChannels from telemetry
* server: remove ExperimentalViewArchivedChannels from client config
* webapp: simplify delete channel
* webapp: simplify channel settings modal
* webapp: do not redirect away from archived channel
* webapp: rhs, always search posts from archived channels
* webapp: switch channels, always support archived channels
* webapp: search channel provider, always support archived channels
* webapp: browse channels, always support archived channels
* webapp, search results? fixup?
* webapp, confusing type issue
* webapp: unarchive, no need to report view archived
* webapp: command test, no need for ExperimentalViewArchivedChannels in config
* webapp: remove ExperimentalViewArchivedChannels from system console
* webapp: redux, do not delete posts, also fix LEAVE_CHANNEL
* update e2e tests
* server: fail startup if ExperimentalViewArchivedChannels is not enabled
* extract i18n
* updated snapshots
* update tests
* simplify posts reducer
* updated tests
* additional e2e tests
* Fix locale consistency in Jest tests
Added consistent locale environment variables (LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8)
to all Jest test scripts to prevent locale-dependent date formatting differences
across development environments.
This resolves snapshot test failures where DateTime.toLocaleString() would produce
different date formats on different systems (e.g., "6/8/2025" vs "08/06/2025" vs "2025-06-08").
Updated test scripts:
- test, test:watch, test:updatesnapshot, test:debug, test-ci
Updated snapshot to consistent en_US format.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Remove includeArchivedChannels parameter from GetMemberForPost
* Remove unnecessary includeDeleted variable assignments
* Deprecate ExperimentalViewArchivedChannels config field
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
2025-08-15 12:50:20 -04:00
t . Run ( "Should allow getting the members of an archived channel" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
channel , _ , appErr := th . SystemAdminClient . CreateChannel ( context . Background ( ) , & model . Channel {
2021-11-25 09:01:17 -05:00
DisplayName : "User Created Channel" ,
Name : model . NewId ( ) ,
Type : model . ChannelTypeOpen ,
TeamId : th . BasicTeam . Id ,
} )
require . NoError ( t , appErr )
2022-07-14 05:01:29 -04:00
_ , aErr := th . App . AddUserToChannel ( th . Context , th . BasicUser , channel , false )
2021-11-25 09:01:17 -05:00
require . Nil ( t , aErr )
2022-07-14 05:01:29 -04:00
_ , aErr = th . App . AddUserToChannel ( th . Context , th . BasicUser2 , channel , false )
2021-11-25 09:01:17 -05:00
require . Nil ( t , aErr )
2024-11-20 11:28:39 -05:00
_ , err = th . SystemAdminClient . DeleteChannel ( context . Background ( ) , channel . Id )
require . NoError ( t , err )
2021-11-25 09:01:17 -05:00
for _ , client := range [ ] * model . Client4 { th . SystemAdminClient , th . Client , th . LocalClient } {
2023-06-06 17:29:29 -04:00
users , _ , userErr := client . GetUsersInChannel ( context . Background ( ) , channel . Id , 0 , 1000 , "" )
2021-11-25 09:01:17 -05:00
require . NoError ( t , userErr )
require . Len ( t , users , 3 )
}
} )
2017-02-03 15:17:34 -05:00
}
func TestGetUsersNotInChannel ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-02-03 15:17:34 -05:00
teamId := th . BasicTeam . Id
channelId := th . BasicChannel . Id
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
th . LinkUserToTeam ( t , user , th . BasicTeam )
2017-02-03 15:17:34 -05:00
2023-06-06 17:29:29 -04:00
rusers , _ , err := th . Client . GetUsersNotInChannel ( context . Background ( ) , teamId , channelId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-03 15:17:34 -05:00
for _ , u := range rusers {
CheckUserSanitization ( t , u )
}
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetUsersNotInChannel ( context . Background ( ) , teamId , channelId , 0 , 1 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Len ( t , rusers , 1 , "should be 1 per page" )
2017-02-03 15:17:34 -05:00
2023-06-06 17:29:29 -04:00
rusers , _ , err = th . Client . GetUsersNotInChannel ( context . Background ( ) , teamId , channelId , 10000 , 100 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-12-22 06:35:31 -05:00
require . Empty ( t , rusers , "should be no users" )
2017-02-03 15:17:34 -05:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUsersNotInChannel ( context . Background ( ) , teamId , channelId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-03 15:17:34 -05:00
CheckUnauthorizedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetUsersNotInChannel ( context . Background ( ) , teamId , channelId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-03 15:17:34 -05:00
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . GetUsersNotInChannel ( context . Background ( ) , teamId , channelId , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-03 15:17:34 -05:00
}
2017-02-07 12:35:58 -05:00
2020-06-18 10:22:35 -04:00
func TestGetUsersInGroup ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-06-18 10:22:35 -04:00
id := model . NewId ( )
2021-08-13 07:12:16 -04:00
group , appErr := th . App . CreateGroup ( & model . Group {
2020-06-18 10:22:35 -04:00
DisplayName : "dn-foo_" + id ,
2024-08-05 23:45:00 -04:00
Name : model . NewPointer ( "name" + id ) ,
2020-06-18 10:22:35 -04:00
Source : model . GroupSourceLdap ,
Description : "description_" + id ,
2024-08-05 23:45:00 -04:00
RemoteId : model . NewPointer ( model . NewId ( ) ) ,
2020-06-18 10:22:35 -04:00
} )
2021-08-13 07:12:16 -04:00
assert . Nil ( t , appErr )
2020-06-18 10:22:35 -04:00
2022-10-25 11:54:51 -04:00
cid := model . NewId ( )
customGroup , appErr := th . App . CreateGroup ( & model . Group {
DisplayName : "dn-foo_" + cid ,
2024-08-05 23:45:00 -04:00
Name : model . NewPointer ( "name" + cid ) ,
2022-10-25 11:54:51 -04:00
Source : model . GroupSourceCustom ,
Description : "description_" + cid ,
2024-08-05 23:45:00 -04:00
RemoteId : model . NewPointer ( model . NewId ( ) ) ,
2022-10-25 11:54:51 -04:00
} )
assert . Nil ( t , appErr )
user1 , err := th . App . CreateUser ( th . Context , & model . User { Email : th . GenerateTestEmail ( ) , Nickname : "test user1" , Password : "test-password-1" , Username : "test-user-1" , Roles : model . SystemUserRoleId } )
assert . Nil ( t , err )
2020-06-18 10:22:35 -04:00
t . Run ( "Requires ldap license" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , response , err := th . SystemAdminClient . GetUsersInGroup ( context . Background ( ) , group . Id , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2022-08-08 10:32:49 -04:00
CheckForbiddenStatus ( t , response )
2020-06-18 10:22:35 -04:00
} )
2022-10-25 11:54:51 -04:00
th . App . Srv ( ) . SetLicense ( model . NewTestLicenseSKU ( model . LicenseShortSkuProfessional ) )
2020-06-18 10:22:35 -04:00
t . Run ( "Requires manage system permission to access users in group" , func ( t * testing . T ) {
2024-11-20 11:28:39 -05:00
_ , _ , err := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
require . NoError ( t , err )
var response * model . Response
_ , response , err = th . Client . GetUsersInGroup ( context . Background ( ) , group . Id , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-18 10:22:35 -04:00
CheckForbiddenStatus ( t , response )
} )
_ , err = th . App . UpsertGroupMember ( group . Id , user1 . Id )
assert . Nil ( t , err )
t . Run ( "Returns users in group when called by system admin" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err := th . SystemAdminClient . GetUsersInGroup ( context . Background ( ) , group . Id , 0 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-18 10:22:35 -04:00
assert . Equal ( t , users [ 0 ] . Id , user1 . Id )
} )
t . Run ( "Returns no users when pagination out of range" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err := th . SystemAdminClient . GetUsersInGroup ( context . Background ( ) , group . Id , 5 , 60 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-18 10:22:35 -04:00
assert . Empty ( t , users )
} )
2022-10-25 11:54:51 -04:00
_ , err = th . App . UpsertGroupMember ( customGroup . Id , user1 . Id )
assert . Nil ( t , err )
t . Run ( "Returns users in custom group when called by regular user" , func ( t * testing . T ) {
2024-11-20 11:28:39 -05:00
_ , _ , err := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
users , _ , err := th . Client . GetUsersInGroup ( context . Background ( ) , customGroup . Id , 0 , 60 , "" )
2022-10-25 11:54:51 -04:00
require . NoError ( t , err )
assert . Equal ( t , users [ 0 ] . Id , user1 . Id )
} )
t . Run ( "Returns no users in custom group when called by guest user" , func ( t * testing . T ) {
2024-11-20 11:28:39 -05:00
_ , _ , err := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
require . NoError ( t , err )
appErr := th . App . DemoteUserToGuest ( th . Context , th . BasicUser )
require . Nil ( t , appErr )
2022-10-25 11:54:51 -04:00
2023-06-06 17:29:29 -04:00
users , _ , err := th . Client . GetUsersInGroup ( context . Background ( ) , customGroup . Id , 0 , 60 , "" )
2022-10-25 11:54:51 -04:00
require . NoError ( t , err )
assert . Equal ( t , len ( users ) , 0 )
} )
2020-06-18 10:22:35 -04:00
}
2022-12-15 14:20:36 -05:00
func TestGetUsersInGroupByDisplayName ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2022-12-15 14:20:36 -05:00
id := model . NewId ( )
group , appErr := th . App . CreateGroup ( & model . Group {
DisplayName : "dn-foo_" + id ,
2024-08-05 23:45:00 -04:00
Name : model . NewPointer ( "name" + id ) ,
2022-12-15 14:20:36 -05:00
Source : model . GroupSourceLdap ,
Description : "description_" + id ,
2024-08-05 23:45:00 -04:00
RemoteId : model . NewPointer ( model . NewId ( ) ) ,
2022-12-15 14:20:36 -05:00
} )
assert . Nil ( t , appErr )
user1 , err := th . App . CreateUser ( th . Context , & model . User { Email : th . GenerateTestEmail ( ) , Nickname : "aaa" , Password : "test-password-1" , Username : "zzz" , Roles : model . SystemUserRoleId } )
assert . Nil ( t , err )
user2 , err := th . App . CreateUser ( th . Context , & model . User { Email : th . GenerateTestEmail ( ) , Password : "test-password-2" , Username : "bbb" , Roles : model . SystemUserRoleId } )
assert . Nil ( t , err )
_ , err = th . App . UpsertGroupMember ( group . Id , user1 . Id )
assert . Nil ( t , err )
_ , err = th . App . UpsertGroupMember ( group . Id , user2 . Id )
assert . Nil ( t , err )
th . App . Srv ( ) . SetLicense ( model . NewTestLicenseSKU ( model . LicenseShortSkuProfessional ) )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . PrivacySettings . ShowFullName = true
} )
preference := model . Preference {
UserId : th . SystemAdminUser . Id ,
Category : model . PreferenceCategoryDisplaySettings ,
Name : model . PreferenceNameNameFormat ,
Value : model . ShowUsername ,
}
2024-01-03 12:25:53 -05:00
err = th . App . UpdatePreferences ( th . Context , th . SystemAdminUser . Id , model . Preferences { preference } )
2022-12-15 14:20:36 -05:00
assert . Nil ( t , err )
t . Run ( "Returns users in group in right order for username" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err := th . SystemAdminClient . GetUsersInGroupByDisplayName ( context . Background ( ) , group . Id , 0 , 1 , "" )
2022-12-15 14:20:36 -05:00
require . NoError ( t , err )
assert . Equal ( t , users [ 0 ] . Id , user2 . Id )
} )
preference . Value = model . ShowNicknameFullName
2024-01-03 12:25:53 -05:00
err = th . App . UpdatePreferences ( th . Context , th . SystemAdminUser . Id , model . Preferences { preference } )
2022-12-15 14:20:36 -05:00
assert . Nil ( t , err )
t . Run ( "Returns users in group in right order for nickname" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
users , _ , err := th . SystemAdminClient . GetUsersInGroupByDisplayName ( context . Background ( ) , group . Id , 0 , 1 , "" )
2022-12-15 14:20:36 -05:00
require . NoError ( t , err )
assert . Equal ( t , users [ 0 ] . Id , user1 . Id )
} )
}
2017-10-04 11:04:56 -04:00
func TestUpdateUserMfa ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-03-13 08:29:56 -04:00
2020-06-12 07:43:50 -04:00
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( "mfa" ) )
2025-02-22 02:24:52 -05:00
t . Run ( "Without enforcing" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableMultifactorAuthentication = true } )
2017-03-13 08:29:56 -04:00
2025-02-22 02:24:52 -05:00
session , _ := th . App . GetSession ( th . Client . AuthToken )
session . IsOAuth = true
th . App . AddSessionToCache ( session )
2017-03-13 08:29:56 -04:00
2025-02-22 02:24:52 -05:00
defer th . Server . Platform ( ) . ClearUserSessionCacheLocal ( th . BasicUser . Id )
2020-06-12 02:35:09 -04:00
2025-02-22 02:24:52 -05:00
resp , err := th . Client . UpdateUserMfa ( context . Background ( ) , th . BasicUser . Id , "12345" , false )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
_ , err := client . UpdateUserMfa ( context . Background ( ) , th . BasicUser . Id , "12345" , false )
require . NoError ( t , err )
} )
} )
t . Run ( "Enforcing" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . EnableMultifactorAuthentication = true
* cfg . ServiceSettings . EnforceMultifactorAuthentication = true
} )
resp , err := th . Client . UpdateUserMfa ( context . Background ( ) , th . BasicUser . Id , "12345" , false )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2025-02-22 02:24:52 -05:00
CheckOKStatus ( t , resp )
resp , err = th . LocalClient . UpdateUserMfa ( context . Background ( ) , th . BasicUser . Id , "12345" , false )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
resp , err = th . SystemAdminClient . UpdateUserMfa ( context . Background ( ) , th . BasicUser . Id , "12345" , false )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
CheckErrorID ( t , err , "api.context.mfa_required.app_error" )
2020-06-12 02:35:09 -04:00
} )
2017-10-04 11:04:56 -04:00
}
2017-03-13 08:29:56 -04:00
2019-03-01 12:56:11 -05:00
func TestUserLoginMFAFlow ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-03-01 12:56:11 -05:00
2019-03-04 09:27:59 -05:00
th . App . UpdateConfig ( func ( c * model . Config ) {
2019-03-01 12:56:11 -05:00
* c . ServiceSettings . EnableMultifactorAuthentication = true
} )
2019-03-04 09:27:59 -05:00
t . Run ( "WithoutMFA" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-03-01 12:56:11 -05:00
} )
2019-04-15 12:40:14 -04:00
t . Run ( "WithInvalidMFA" , func ( t * testing . T ) {
2021-08-13 07:12:16 -04:00
secret , appErr := th . App . GenerateMfaSecret ( th . BasicUser . Id )
assert . Nil ( t , appErr )
2019-03-01 12:56:11 -05:00
2019-04-15 12:40:14 -04:00
// Fake user has MFA enabled
2022-10-06 04:04:21 -04:00
err := th . Server . Store ( ) . User ( ) . UpdateMfaActive ( th . BasicUser . Id , true )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-04-15 12:40:14 -04:00
2022-10-06 04:04:21 -04:00
err = th . Server . Store ( ) . User ( ) . UpdateMfaActive ( th . BasicUser . Id , true )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
2022-10-06 04:04:21 -04:00
err = th . Server . Store ( ) . User ( ) . UpdateMfaSecret ( th . BasicUser . Id , secret . Secret )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-03-01 12:56:11 -05:00
2023-06-06 17:29:29 -04:00
user , _ , err := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "mfa.validate_token.authenticate.app_error" )
2019-03-01 12:56:11 -05:00
assert . Nil ( t , user )
2023-06-06 17:29:29 -04:00
user , _ , err = th . Client . LoginWithMFA ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password , "" )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "mfa.validate_token.authenticate.app_error" )
2019-03-01 12:56:11 -05:00
assert . Nil ( t , user )
2023-06-06 17:29:29 -04:00
user , _ , err = th . Client . LoginWithMFA ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password , "abcdefgh" )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "mfa.validate_token.authenticate.app_error" )
2019-03-01 12:56:11 -05:00
assert . Nil ( t , user )
2021-08-13 07:12:16 -04:00
secret2 , appErr := th . App . GenerateMfaSecret ( th . BasicUser2 . Id )
assert . Nil ( t , appErr )
2023-06-06 17:29:29 -04:00
user , _ , err = th . Client . LoginWithMFA ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password , secret2 . Secret )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "mfa.validate_token.authenticate.app_error" )
2019-03-01 12:56:11 -05:00
assert . Nil ( t , user )
} )
2019-03-04 09:27:59 -05:00
t . Run ( "WithCorrectMFA" , func ( t * testing . T ) {
2021-08-13 07:12:16 -04:00
secret , appErr := th . App . GenerateMfaSecret ( th . BasicUser . Id )
assert . Nil ( t , appErr )
2019-04-15 12:40:14 -04:00
// Fake user has MFA enabled
2022-10-06 04:04:21 -04:00
err := th . Server . Store ( ) . User ( ) . UpdateMfaActive ( th . BasicUser . Id , true )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-04-15 12:40:14 -04:00
2022-10-06 04:04:21 -04:00
err = th . Server . Store ( ) . User ( ) . UpdateMfaSecret ( th . BasicUser . Id , secret . Secret )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-04-15 12:40:14 -04:00
2019-03-04 09:27:59 -05:00
code := dgoogauth . ComputeCode ( secret . Secret , time . Now ( ) . UTC ( ) . Unix ( ) / 30 )
2019-03-01 12:56:11 -05:00
2023-06-06 17:29:29 -04:00
user , _ , err := th . Client . LoginWithMFA ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password , fmt . Sprintf ( "%06d" , code ) )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-03-01 12:56:11 -05:00
assert . NotNil ( t , user )
} )
2017-03-27 09:21:48 -04:00
}
2017-03-31 10:00:01 -04:00
func TestGenerateMfaSecret ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-03-27 09:21:48 -04:00
2019-01-24 15:19:32 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableMultifactorAuthentication = false } )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GenerateMfaSecret ( context . Background ( ) , th . BasicUser . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-27 09:21:48 -04:00
CheckNotImplementedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . SystemAdminClient . GenerateMfaSecret ( context . Background ( ) , th . BasicUser . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-10-04 11:04:56 -04:00
CheckNotImplementedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GenerateMfaSecret ( context . Background ( ) , "junk" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-27 09:21:48 -04:00
CheckBadRequestStatus ( t , resp )
2020-06-12 07:43:50 -04:00
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( "mfa" ) )
2017-10-18 18:36:43 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableMultifactorAuthentication = true } )
2017-10-04 11:04:56 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GenerateMfaSecret ( context . Background ( ) , model . NewId ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-27 09:21:48 -04:00
CheckForbiddenStatus ( t , resp )
2019-01-24 15:19:32 -05:00
session , _ := th . App . GetSession ( th . Client . AuthToken )
2017-10-04 11:04:56 -04:00
session . IsOAuth = true
2017-10-26 15:21:22 -04:00
th . App . AddSessionToCache ( session )
2017-10-04 11:04:56 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GenerateMfaSecret ( context . Background ( ) , th . BasicUser . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-10-04 11:04:56 -04:00
CheckForbiddenStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2017-03-27 09:21:48 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GenerateMfaSecret ( context . Background ( ) , th . BasicUser . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-27 09:21:48 -04:00
CheckUnauthorizedStatus ( t , resp )
2017-03-31 10:00:01 -04:00
}
2017-03-27 09:21:48 -04:00
2017-02-07 12:35:58 -05:00
func TestUpdateUserPassword ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-02-07 12:35:58 -05:00
2026-04-08 15:49:43 -04:00
password := model . NewTestPassword ( )
2023-06-06 17:29:29 -04:00
_ , err := th . Client . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , th . BasicUser . Password , password )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-07 12:35:58 -05:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , password , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 12:35:58 -05:00
CheckBadRequestStatus ( t , resp )
2026-04-08 15:49:43 -04:00
newInvalidPassword := "junk"
resp , err = th . Client . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , password , newInvalidPassword )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 12:35:58 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateUserPassword ( context . Background ( ) , "junk" , password , password )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 12:35:58 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , "" , password )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 12:35:58 -05:00
CheckBadRequestStatus ( t , resp )
2026-04-08 15:49:43 -04:00
resp , err = th . Client . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , model . NewTestPassword ( ) , password )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 12:35:58 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , err = th . Client . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , password , th . BasicUser . Password )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-07 12:35:58 -05:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , password , password )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 12:35:58 -05:00
CheckUnauthorizedStatus ( t , resp )
2025-11-12 07:00:51 -05:00
th . LoginBasic2 ( t )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , password , password )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 12:35:58 -05:00
CheckForbiddenStatus ( t , resp )
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2017-02-07 12:35:58 -05:00
// Test lockout
2017-10-18 18:36:43 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . MaximumLoginAttempts = 2 } )
2017-02-07 12:35:58 -05:00
// Fail twice
2026-04-08 15:49:43 -04:00
badPassword := model . NewTestPassword ( )
newPassword := model . NewTestPassword ( )
resp , err = th . Client . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , badPassword , newPassword )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 12:35:58 -05:00
CheckBadRequestStatus ( t , resp )
2026-04-08 15:49:43 -04:00
resp , err = th . Client . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , badPassword , newPassword )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 12:35:58 -05:00
CheckBadRequestStatus ( t , resp )
// Should fail because account is locked out
2026-04-08 15:49:43 -04:00
resp , err = th . Client . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , th . BasicUser . Password , newPassword )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.check_user_login_attempts.too_many.app_error" )
2017-04-10 08:19:49 -04:00
CheckUnauthorizedStatus ( t , resp )
2017-02-07 12:35:58 -05:00
// System admin can update another user's password
2026-04-08 15:49:43 -04:00
adminSetPassword := model . NewTestPassword ( )
2023-06-06 17:29:29 -04:00
_ , err = th . SystemAdminClient . UpdateUserPassword ( context . Background ( ) , th . BasicUser . Id , "" , adminSetPassword )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-07 12:35:58 -05:00
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , adminSetPassword )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-07 12:35:58 -05:00
}
2017-02-07 13:46:40 -05:00
2020-08-26 11:28:00 -04:00
func TestUpdateUserHashedPassword ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-08-26 11:28:00 -04:00
client := th . Client
password := "SuperSecurePass23!"
passwordHash := "$2a$10$CiS1iWVPUj7rQNdY6XW53.DmaPLsETIvmW2p0asp4Dqpofs10UL5W"
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
_ , err := client . UpdateUserHashedPassword ( context . Background ( ) , th . BasicUser . Id , passwordHash )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-08-26 11:28:00 -04:00
} )
2023-06-06 17:29:29 -04:00
_ , _ , err := client . Login ( context . Background ( ) , th . BasicUser . Email , password )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-08-26 11:28:00 -04:00
// Standard users should never be updating their passwords with already-
// hashed passwords.
2023-06-06 17:29:29 -04:00
resp , err := client . UpdateUserHashedPassword ( context . Background ( ) , th . BasicUser . Id , passwordHash )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-08-26 11:28:00 -04:00
CheckUnauthorizedStatus ( t , resp )
}
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
func TestResetPassword ( t * testing . T ) {
t . Skip ( "test disabled during old build server changes, should be investigated" )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-11-20 11:28:39 -05:00
_ , err := th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2017-02-07 13:46:40 -05:00
user := th . BasicUser
// Delete all the messages before check the reset password
2024-11-20 11:28:39 -05:00
err = mail . DeleteMailBox ( user . Email )
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
2024-11-20 11:28:39 -05:00
_ , err = client . SendPasswordResetEmail ( context . Background ( ) , user . Email )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2024-11-20 11:28:39 -05:00
var resp * model . Response
resp , err = client . SendPasswordResetEmail ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-12 02:35:09 -04:00
CheckBadRequestStatus ( t , resp )
// Should not leak whether the email is attached to an account or not
2023-06-06 17:29:29 -04:00
_ , err = client . SendPasswordResetEmail ( context . Background ( ) , "notreal@example.com" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
} )
2017-02-07 13:46:40 -05:00
// Check if the email was send to the right email address and the recovery key match
2021-03-15 06:50:13 -04:00
var resultsMailbox mail . JSONMessageHeaderInbucket
2024-11-20 11:28:39 -05:00
err = mail . RetryInbucket ( 5 , func ( ) error {
2021-03-15 06:50:13 -04:00
resultsMailbox , err = mail . GetMailBox ( user . Email )
2017-03-11 17:39:00 -05:00
return err
} )
if err != nil {
t . Log ( err )
t . Log ( "No email was received, maybe due load on the server. Disabling this verification" )
}
2017-04-27 10:55:03 -04:00
var recoveryTokenString string
2017-03-11 17:39:00 -05:00
if err == nil && len ( resultsMailbox ) > 0 {
2019-11-15 09:13:32 -05:00
require . Contains ( t , resultsMailbox [ 0 ] . To [ 0 ] , user . Email , "Correct To recipient" )
2021-03-15 06:50:13 -04:00
resultsEmail , mailErr := mail . GetMessageFromMailbox ( user . Email , resultsMailbox [ 0 ] . ID )
2019-11-15 09:13:32 -05:00
require . NoError ( t , mailErr )
loc := strings . Index ( resultsEmail . Body . Text , "token=" )
require . NotEqual ( t , - 1 , loc , "Code should be found in email" )
loc += 6
2021-07-12 14:05:36 -04:00
recoveryTokenString = resultsEmail . Body . Text [ loc : loc + model . TokenSize ]
2017-02-07 13:46:40 -05:00
}
2022-10-06 04:04:21 -04:00
recoveryToken , err := th . App . Srv ( ) . Store ( ) . Token ( ) . GetByToken ( recoveryTokenString )
2021-02-17 03:52:18 -05:00
require . NoError ( t , err , "Recovery token not found (%s)" , recoveryTokenString )
2019-06-21 18:20:27 -04:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . ResetPassword ( context . Background ( ) , recoveryToken . Token , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 13:46:40 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . ResetPassword ( context . Background ( ) , recoveryToken . Token , "newp" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 13:46:40 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . ResetPassword ( context . Background ( ) , "" , "newpwd" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 13:46:40 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . ResetPassword ( context . Background ( ) , "junk" , "newpwd" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 13:46:40 -05:00
CheckBadRequestStatus ( t , resp )
2025-11-04 06:09:11 -05:00
var code strings . Builder
2025-07-18 06:54:51 -04:00
for range model . TokenSize {
2025-11-04 06:09:11 -05:00
code . WriteString ( "a" )
2017-02-07 13:46:40 -05:00
}
2025-11-04 06:09:11 -05:00
resp , err = th . Client . ResetPassword ( context . Background ( ) , code . String ( ) , "newpwd" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 13:46:40 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , err = th . Client . ResetPassword ( context . Background ( ) , recoveryToken . Token , "newpwd" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , "newpwd" )
require . NoError ( t , err )
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . ResetPassword ( context . Background ( ) , recoveryToken . Token , "newpwd" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-07 13:46:40 -05:00
CheckBadRequestStatus ( t , resp )
2017-08-10 12:11:55 -04:00
authData := model . NewId ( )
2022-10-06 04:04:21 -04:00
_ , err = th . App . Srv ( ) . Store ( ) . User ( ) . UpdateAuthData ( user . Id , "random" , & authData , "" , true )
2021-02-17 03:52:18 -05:00
require . NoError ( t , err )
2020-06-12 02:35:09 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
resp , err = client . SendPasswordResetEmail ( context . Background ( ) , user . Email )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-12 02:35:09 -04:00
CheckBadRequestStatus ( t , resp )
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
}
2017-02-17 10:31:01 -05:00
2026-04-07 13:55:16 -04:00
func TestResetPasswordAuditDoesNotLeakToken ( t * testing . T ) {
th := Setup ( t ) . InitBasic ( t )
user := th . BasicUser
tokenExtra , err := json . Marshal ( struct {
UserId string
Email string
} { UserId : user . Id , Email : user . Email } )
require . NoError ( t , err )
token := model . NewToken ( model . TokenTypePasswordRecovery , string ( tokenExtra ) )
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
defer func ( ) {
_ = th . App . Srv ( ) . Store ( ) . Token ( ) . Delete ( token . Token )
} ( )
_ , err = th . Client . ResetPassword ( context . Background ( ) , token . Token , "newPassword1!" )
require . NoError ( t , err )
audits , appErr := th . App . GetAudits ( request . EmptyContext ( th . TestLogger ) , "" , 100 )
require . Nil ( t , appErr )
found := false
for _ , audit := range audits {
if ! strings . Contains ( audit . Action , "password/reset" ) {
continue
}
found = true
require . NotContains ( t , audit . ExtraInfo , token . Token ,
"Full reset token should not appear in audit log ExtraInfo" )
require . Contains ( t , audit . ExtraInfo , token . Token [ : 5 ] ,
"Audit log should contain the token prefix for correlation" )
}
require . True ( t , found , "Expected at least one audit entry for password/reset" )
}
2017-02-17 10:31:01 -05:00
func TestGetSessions ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-02-17 10:31:01 -05:00
user := th . BasicUser
2024-11-20 11:28:39 -05:00
_ , _ , err := th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2017-02-21 07:07:57 -05:00
2023-06-06 17:29:29 -04:00
sessions , _ , err := th . Client . GetSessions ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-17 10:31:01 -05:00
for _ , session := range sessions {
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Id , session . UserId , "user id should match session user id" )
2017-02-17 10:31:01 -05:00
}
2023-06-06 17:29:29 -04:00
resp , err := th . Client . RevokeSession ( context . Background ( ) , "junk" , model . NewId ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-17 10:31:01 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetSessions ( context . Background ( ) , th . BasicUser2 . Id , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-17 10:31:01 -05:00
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetSessions ( context . Background ( ) , model . NewId ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-17 10:31:01 -05:00
CheckForbiddenStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetSessions ( context . Background ( ) , th . BasicUser2 . Id , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-17 10:31:01 -05:00
CheckUnauthorizedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . GetSessions ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-17 10:31:01 -05:00
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . GetSessions ( context . Background ( ) , th . BasicUser2 . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-17 10:31:01 -05:00
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . GetSessions ( context . Background ( ) , model . NewId ( ) , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-17 10:31:01 -05:00
}
func TestRevokeSessions ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-02-17 10:31:01 -05:00
user := th . BasicUser
2024-11-20 11:28:39 -05:00
_ , _ , err := th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
sessions , _ , _ := th . Client . GetSessions ( context . Background ( ) , user . Id , "" )
2019-11-15 09:13:32 -05:00
require . NotZero ( t , len ( sessions ) , "sessions should exist" )
2017-02-17 10:31:01 -05:00
for _ , session := range sessions {
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Id , session . UserId , "user id does not match session user id" )
2017-02-17 10:31:01 -05:00
}
session := sessions [ 0 ]
2023-06-06 17:29:29 -04:00
resp , err := th . Client . RevokeSession ( context . Background ( ) , user . Id , model . NewId ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-17 10:31:01 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . RevokeSession ( context . Background ( ) , th . BasicUser2 . Id , model . NewId ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-17 10:31:01 -05:00
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . RevokeSession ( context . Background ( ) , "junk" , model . NewId ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-17 10:31:01 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , err = th . Client . RevokeSession ( context . Background ( ) , user . Id , session . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-17 10:31:01 -05:00
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2017-10-04 11:04:17 -04:00
2023-10-11 07:08:55 -04:00
sessions , _ = th . App . GetSessions ( th . Context , th . SystemAdminUser . Id )
2017-10-04 11:04:17 -04:00
session = sessions [ 0 ]
2023-06-06 17:29:29 -04:00
resp , err = th . Client . RevokeSession ( context . Background ( ) , user . Id , session . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-10-04 11:04:17 -04:00
CheckBadRequestStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . RevokeSession ( context . Background ( ) , user . Id , model . NewId ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-17 10:31:01 -05:00
CheckUnauthorizedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . SystemAdminClient . RevokeSession ( context . Background ( ) , user . Id , model . NewId ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-17 10:31:01 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
sessions , _ , _ = th . SystemAdminClient . GetSessions ( context . Background ( ) , th . SystemAdminUser . Id , "" )
2019-11-15 09:13:32 -05:00
require . NotEmpty ( t , sessions , "sessions should exist" )
2017-02-17 10:31:01 -05:00
for _ , session := range sessions {
2019-11-15 09:13:32 -05:00
require . Equal ( t , th . SystemAdminUser . Id , session . UserId , "user id should match session user id" )
2017-02-17 10:31:01 -05:00
}
session = sessions [ 0 ]
2023-06-06 17:29:29 -04:00
_ , err = th . SystemAdminClient . RevokeSession ( context . Background ( ) , th . SystemAdminUser . Id , session . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-27 09:17:34 -04:00
}
2017-10-16 23:50:31 -04:00
func TestRevokeAllSessions ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-10-16 23:50:31 -04:00
user := th . BasicUser
2024-11-20 11:28:39 -05:00
_ , _ , err := th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2017-10-16 23:50:31 -04:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . RevokeAllSessions ( context . Background ( ) , th . BasicUser2 . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-10-16 23:50:31 -04:00
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . RevokeAllSessions ( context . Background ( ) , "junk" + user . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-10-16 23:50:31 -04:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , err = th . Client . RevokeAllSessions ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-10-16 23:50:31 -04:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . RevokeAllSessions ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-10-16 23:50:31 -04:00
CheckUnauthorizedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2017-10-16 23:50:31 -04:00
2023-06-06 17:29:29 -04:00
sessions , _ , _ := th . Client . GetSessions ( context . Background ( ) , user . Id , "" )
2019-11-15 09:13:32 -05:00
require . NotEmpty ( t , sessions , "session should exist" )
2017-10-16 23:50:31 -04:00
2023-06-06 17:29:29 -04:00
_ , err = th . Client . RevokeAllSessions ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-10-16 23:50:31 -04:00
2023-06-06 17:29:29 -04:00
sessions , _ , _ = th . SystemAdminClient . GetSessions ( context . Background ( ) , user . Id , "" )
2019-11-15 09:13:32 -05:00
require . Empty ( t , sessions , "no sessions should exist for user" )
2017-10-16 23:50:31 -04:00
2023-06-06 17:29:29 -04:00
resp , err = th . Client . RevokeAllSessions ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-10-16 23:50:31 -04:00
CheckUnauthorizedStatus ( t , resp )
}
2019-07-01 17:28:46 -04:00
func TestRevokeSessionsFromAllUsers ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-07-01 17:28:46 -04:00
user := th . BasicUser
2024-11-20 11:28:39 -05:00
_ , _ , err := th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
resp , err := th . Client . RevokeSessionsFromAllUsers ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-07-01 17:28:46 -04:00
CheckForbiddenStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . RevokeSessionsFromAllUsers ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-07-01 17:28:46 -04:00
CheckUnauthorizedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2019-07-01 17:28:46 -04:00
admin := th . SystemAdminUser
2024-11-20 11:28:39 -05:00
_ , _ , err = th . Client . Login ( context . Background ( ) , admin . Email , admin . Password )
require . NoError ( t , err )
2023-10-11 07:08:55 -04:00
sessions , err := th . Server . Store ( ) . Session ( ) . GetSessions ( th . Context , user . Id )
2019-07-01 17:28:46 -04:00
require . NotEmpty ( t , sessions )
2021-02-17 03:52:18 -05:00
require . NoError ( t , err )
2023-10-11 07:08:55 -04:00
sessions , err = th . Server . Store ( ) . Session ( ) . GetSessions ( th . Context , admin . Id )
2019-07-01 17:28:46 -04:00
require . NotEmpty ( t , sessions )
2021-02-17 03:52:18 -05:00
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , err = th . Client . RevokeSessionsFromAllUsers ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-07-01 17:28:46 -04:00
// All sessions were revoked, so making the same call
// again will fail due to lack of a session.
2023-06-06 17:29:29 -04:00
resp , err = th . Client . RevokeSessionsFromAllUsers ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-07-01 17:28:46 -04:00
CheckUnauthorizedStatus ( t , resp )
2023-10-11 07:08:55 -04:00
sessions , err = th . Server . Store ( ) . Session ( ) . GetSessions ( th . Context , user . Id )
2019-07-01 17:28:46 -04:00
require . Empty ( t , sessions )
2021-02-17 03:52:18 -05:00
require . NoError ( t , err )
2019-07-01 17:28:46 -04:00
2023-10-11 07:08:55 -04:00
sessions , err = th . Server . Store ( ) . Session ( ) . GetSessions ( th . Context , admin . Id )
2019-07-01 17:28:46 -04:00
require . Empty ( t , sessions )
2021-02-17 03:52:18 -05:00
require . NoError ( t , err )
2019-07-01 17:28:46 -04:00
}
2017-03-27 09:17:34 -04:00
func TestAttachDeviceId ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-03-27 09:17:34 -04:00
2021-07-12 14:05:36 -04:00
deviceId := model . PushNotifyApple + ":1234567890"
2017-03-27 09:17:34 -04:00
2019-05-03 16:52:32 -04:00
t . Run ( "success" , func ( t * testing . T ) {
testCases := [ ] struct {
Description string
SiteURL string
ExpectedSetCookieHeaderRegexp string
} {
{ "no subpath" , "http://localhost:8065" , "^MMAUTHTOKEN=[a-z0-9]+; Path=/" } ,
{ "subpath" , "http://localhost:8065/subpath" , "^MMAUTHTOKEN=[a-z0-9]+; Path=/subpath" } ,
}
2017-02-17 10:31:01 -05:00
2019-05-03 16:52:32 -04:00
for _ , tc := range testCases {
t . Run ( tc . Description , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . SiteURL = tc . SiteURL
} )
2024-09-11 12:01:21 -04:00
resp , err := th . Client . AttachDeviceProps ( context . Background ( ) , map [ string ] string { "device_id" : deviceId } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-05-03 16:52:32 -04:00
cookies := resp . Header . Get ( "Set-Cookie" )
assert . Regexp ( t , tc . ExpectedSetCookieHeaderRegexp , cookies )
2023-10-11 07:08:55 -04:00
sessions , appErr := th . App . GetSessions ( th . Context , th . BasicUser . Id )
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr )
2019-05-03 16:52:32 -04:00
assert . Equal ( t , deviceId , sessions [ 0 ] . DeviceId , "Missing device Id" )
} )
2017-03-27 09:17:34 -04:00
}
2019-05-03 16:52:32 -04:00
} )
2017-03-27 09:17:34 -04:00
2019-05-03 16:52:32 -04:00
t . Run ( "not logged in" , func ( t * testing . T ) {
2024-11-20 11:28:39 -05:00
_ , err := th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2017-03-27 09:17:34 -04:00
2024-09-11 12:01:21 -04:00
resp , err := th . Client . AttachDeviceProps ( context . Background ( ) , map [ string ] string { } )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2019-05-03 16:52:32 -04:00
CheckUnauthorizedStatus ( t , resp )
} )
2024-09-11 12:01:21 -04:00
// Props related tests
client := th . CreateClient ( )
2025-11-12 07:00:51 -05:00
th . LoginBasicWithClient ( t , client )
2024-09-11 12:01:21 -04:00
resetSession := func ( session * model . Session ) {
session . AddProp ( model . SessionPropDeviceNotificationDisabled , "" )
session . AddProp ( model . SessionPropMobileVersion , "" )
2024-11-20 11:28:39 -05:00
err := th . Server . Store ( ) . Session ( ) . UpdateProps ( session )
require . NoError ( t , err )
2024-09-11 12:01:21 -04:00
th . App . ClearSessionCacheForUser ( session . UserId )
}
t . Run ( "No props will return ok and no changes in the session" , func ( t * testing . T ) {
session , _ := th . App . GetSession ( client . AuthToken )
defer resetSession ( session )
res , err := client . AttachDeviceProps ( context . Background ( ) , map [ string ] string { } )
assert . NoError ( t , err )
updatedSession , _ := th . App . GetSession ( client . AuthToken )
storeSession , _ := th . Server . Store ( ) . Session ( ) . Get ( th . Context , session . Id )
assert . Equal ( t , http . StatusOK , res . StatusCode )
assert . Equal ( t , session . Props , updatedSession . Props )
assert . Equal ( t , session . Props , storeSession . Props )
} )
t . Run ( "Unknown props will be ignored, returning ok and no changes in the session" , func ( t * testing . T ) {
session , _ := th . App . GetSession ( client . AuthToken )
defer resetSession ( session )
res , err := client . AttachDeviceProps ( context . Background ( ) , map [ string ] string { "unknownProp" : "foo" } )
assert . NoError ( t , err )
updatedSession , _ := th . App . GetSession ( client . AuthToken )
storeSession , _ := th . Server . Store ( ) . Session ( ) . Get ( th . Context , session . Id )
assert . Equal ( t , http . StatusOK , res . StatusCode )
assert . Equal ( t , session . Props , updatedSession . Props )
assert . Equal ( t , session . Props , storeSession . Props )
} )
t . Run ( "Invalid disabled notification prop will return an error and no changes in the session" , func ( t * testing . T ) {
session , _ := th . App . GetSession ( client . AuthToken )
defer resetSession ( session )
res , err := client . AttachDeviceProps ( context . Background ( ) , map [ string ] string { model . SessionPropDeviceNotificationDisabled : "foo" } )
assert . Error ( t , err )
updatedSession , _ := th . App . GetSession ( client . AuthToken )
storeSession , _ := th . Server . Store ( ) . Session ( ) . Get ( th . Context , session . Id )
assert . Equal ( t , http . StatusBadRequest , res . StatusCode )
assert . Equal ( t , session . Props , updatedSession . Props )
assert . Equal ( t , session . Props , storeSession . Props )
} )
t . Run ( "Invalid version will return an error and no changes in the session" , func ( t * testing . T ) {
session , _ := th . App . GetSession ( client . AuthToken )
defer resetSession ( session )
res , err := client . AttachDeviceProps ( context . Background ( ) , map [ string ] string { model . SessionPropMobileVersion : "foo" } )
assert . Error ( t , err )
updatedSession , _ := th . App . GetSession ( client . AuthToken )
storeSession , _ := th . Server . Store ( ) . Session ( ) . Get ( th . Context , session . Id )
assert . Equal ( t , http . StatusBadRequest , res . StatusCode )
assert . Equal ( t , session . Props , updatedSession . Props )
assert . Equal ( t , session . Props , storeSession . Props )
} )
t . Run ( "Will update props" , func ( t * testing . T ) {
session , _ := th . App . GetSession ( client . AuthToken )
defer resetSession ( session )
res , err := client . AttachDeviceProps ( context . Background ( ) , map [ string ] string { model . SessionPropDeviceNotificationDisabled : "true" , model . SessionPropMobileVersion : "2.19.0" } )
assert . NoError ( t , err )
updatedSession , _ := th . App . GetSession ( client . AuthToken )
storeSession , _ := th . Server . Store ( ) . Session ( ) . Get ( th . Context , session . Id )
assert . Equal ( t , http . StatusOK , res . StatusCode )
assert . Equal ( t , "true" , updatedSession . Props [ model . SessionPropDeviceNotificationDisabled ] )
assert . Equal ( t , "true" , storeSession . Props [ model . SessionPropDeviceNotificationDisabled ] )
assert . Equal ( t , "2.19.0" , updatedSession . Props [ model . SessionPropMobileVersion ] )
assert . Equal ( t , "2.19.0" , storeSession . Props [ model . SessionPropMobileVersion ] )
} )
2017-02-17 10:31:01 -05:00
}
2017-02-21 07:07:57 -05:00
2017-03-21 09:06:08 -04:00
func TestGetUserAudits ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-02-21 07:07:57 -05:00
user := th . BasicUser
2023-06-06 17:29:29 -04:00
audits , _ , err := th . Client . GetUserAudits ( context . Background ( ) , user . Id , 0 , 100 , "" )
2017-02-21 07:07:57 -05:00
for _ , audit := range audits {
2019-11-15 09:13:32 -05:00
require . Equal ( t , user . Id , audit . UserId , "user id should match audit user id" )
2017-02-21 07:07:57 -05:00
}
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-21 07:07:57 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUserAudits ( context . Background ( ) , th . BasicUser2 . Id , 0 , 100 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-21 07:07:57 -05:00
CheckForbiddenStatus ( t , resp )
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetUserAudits ( context . Background ( ) , user . Id , 0 , 100 , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-21 07:07:57 -05:00
CheckUnauthorizedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . GetUserAudits ( context . Background ( ) , user . Id , 0 , 100 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-21 07:07:57 -05:00
}
2017-02-24 08:27:47 -05:00
2017-03-24 16:42:05 -04:00
func TestVerifyUserEmail ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2017-02-24 08:27:47 -05:00
2019-02-20 09:50:52 -05:00
email := th . GenerateTestEmail ( )
2026-04-08 15:49:43 -04:00
user := model . User { Email : email , Nickname : "Darth Vader" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId }
2017-02-24 08:27:47 -05:00
2023-06-06 17:29:29 -04:00
ruser , _ , _ := th . Client . CreateUser ( context . Background ( ) , & user )
2017-02-24 08:27:47 -05:00
2020-07-07 04:03:21 -04:00
token , err := th . App . Srv ( ) . EmailService . CreateVerifyEmailToken ( ruser . Id , email )
2021-07-19 11:26:06 -04:00
require . NoError ( t , err , "Unable to create email verify token" )
2017-04-27 10:55:03 -04:00
2023-06-06 17:29:29 -04:00
_ , err = th . Client . VerifyUserEmail ( context . Background ( ) , token . Token )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-24 08:27:47 -05:00
2023-12-20 00:46:54 -05:00
resp , err := th . Client . VerifyUserEmail ( context . Background ( ) , GenerateTestID ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-24 08:27:47 -05:00
CheckBadRequestStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . VerifyUserEmail ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-24 08:27:47 -05:00
CheckBadRequestStatus ( t , resp )
}
2017-02-28 08:11:56 -05:00
2017-03-24 16:42:05 -04:00
func TestSendVerificationEmail ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-03-24 16:42:05 -04:00
2023-06-06 17:29:29 -04:00
_ , err := th . Client . SendVerificationEmail ( context . Background ( ) , th . BasicUser . Email )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-24 16:42:05 -04:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . SendVerificationEmail ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-03-24 16:42:05 -04:00
CheckBadRequestStatus ( t , resp )
// Even non-existent emails should return 200 OK
2023-06-06 17:29:29 -04:00
_ , err = th . Client . SendVerificationEmail ( context . Background ( ) , th . GenerateTestEmail ( ) )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-24 16:42:05 -04:00
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , err = th . Client . SendVerificationEmail ( context . Background ( ) , th . BasicUser . Email )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-03-24 16:42:05 -04:00
}
2017-02-28 08:11:56 -05:00
func TestSetProfileImage ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-02-28 08:11:56 -05:00
user := th . BasicUser
2018-09-04 08:33:29 -04:00
data , err := testutils . ReadTestFile ( "test.png" )
2019-11-15 09:13:32 -05:00
require . NoError ( t , err )
2017-02-28 08:11:56 -05:00
2023-06-06 17:29:29 -04:00
_ , err = th . Client . SetProfileImage ( context . Background ( ) , user . Id , data )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-28 08:11:56 -05:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . SetProfileImage ( context . Background ( ) , model . NewId ( ) , data )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-28 08:11:56 -05:00
CheckForbiddenStatus ( t , resp )
// status code returns either forbidden or unauthorized
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
// note: forbidden is set as default at Client4.SetProfileImage when request is terminated early by server
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . SetProfileImage ( context . Background ( ) , user . Id , data )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-02-28 08:11:56 -05:00
if resp . StatusCode == http . StatusForbidden {
CheckForbiddenStatus ( t , resp )
} else if resp . StatusCode == http . StatusUnauthorized {
CheckUnauthorizedStatus ( t , resp )
} else {
2020-02-13 11:53:23 -05:00
require . Fail ( t , "Should have failed either forbidden or unauthorized" )
2017-02-28 08:11:56 -05:00
}
2021-02-17 03:52:18 -05:00
buser , appErr := th . App . GetUser ( user . Id )
require . Nil ( t , appErr )
2017-08-31 08:57:35 -04:00
2023-06-06 17:29:29 -04:00
_ , err = th . SystemAdminClient . SetProfileImage ( context . Background ( ) , user . Id , data )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-02-28 08:11:56 -05:00
2021-02-17 03:52:18 -05:00
ruser , appErr := th . App . GetUser ( user . Id )
require . Nil ( t , appErr )
2021-08-11 03:37:52 -04:00
assert . True ( t , buser . LastPictureUpdate == ruser . LastPictureUpdate , "Same picture should not have updated" )
data2 , err := testutils . ReadTestFile ( "testjpg.jpg" )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , err = th . SystemAdminClient . SetProfileImage ( context . Background ( ) , user . Id , data2 )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-08-11 03:37:52 -04:00
ruser , appErr = th . App . GetUser ( user . Id )
require . Nil ( t , appErr )
2017-08-31 08:57:35 -04:00
assert . True ( t , buser . LastPictureUpdate < ruser . LastPictureUpdate , "Picture should have updated for user" )
2017-02-28 08:11:56 -05:00
info := & model . FileInfo { Path : "users/" + user . Id + "/profile.png" }
2019-11-15 09:13:32 -05:00
err = th . cleanupTestFile ( info )
2021-02-17 03:52:18 -05:00
require . NoError ( t , err )
2017-02-28 08:11:56 -05:00
}
2018-10-02 02:04:38 -04:00
func TestSetDefaultProfileImage ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2018-10-02 02:04:38 -04:00
user := th . BasicUser
2023-05-04 10:14:26 -04:00
startTime := model . GetMillis ( )
time . Sleep ( time . Millisecond )
2023-06-06 17:29:29 -04:00
_ , err := th . Client . SetDefaultProfileImage ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-10-02 02:04:38 -04:00
2023-05-04 10:14:26 -04:00
iuser , getUserErr := th . App . GetUser ( user . Id )
require . Nil ( t , getUserErr )
assert . Less ( t , iuser . LastPictureUpdate , - startTime , "LastPictureUpdate should be set to -(current time in milliseconds)" )
2023-06-06 17:29:29 -04:00
resp , err := th . Client . SetDefaultProfileImage ( context . Background ( ) , model . NewId ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2018-10-02 02:04:38 -04:00
CheckForbiddenStatus ( t , resp )
// status code returns either forbidden or unauthorized
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
// note: forbidden is set as default at Client4.SetDefaultProfileImage when request is terminated early by server
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . SetDefaultProfileImage ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2018-10-02 02:04:38 -04:00
if resp . StatusCode == http . StatusForbidden {
CheckForbiddenStatus ( t , resp )
} else if resp . StatusCode == http . StatusUnauthorized {
CheckUnauthorizedStatus ( t , resp )
} else {
2020-02-13 11:53:23 -05:00
require . Fail ( t , "Should have failed either forbidden or unauthorized" )
2018-10-02 02:04:38 -04:00
}
2023-05-04 10:14:26 -04:00
time . Sleep ( time . Millisecond )
2023-06-06 17:29:29 -04:00
_ , err = th . SystemAdminClient . SetDefaultProfileImage ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-10-02 02:04:38 -04:00
2025-02-26 15:25:02 -05:00
// Check that a system admin can set the default profile image for another system admin
2025-11-12 07:00:51 -05:00
anotherAdmin := th . CreateUser ( t )
2025-02-26 15:25:02 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , anotherAdmin . Id , model . SystemAdminRoleId + " " + model . SystemUserRoleId , false )
require . Nil ( t , appErr )
_ , err = th . SystemAdminClient . SetDefaultProfileImage ( context . Background ( ) , anotherAdmin . Id )
require . NoError ( t , err )
2021-08-13 07:12:16 -04:00
ruser , appErr := th . App . GetUser ( user . Id )
require . Nil ( t , appErr )
2023-05-04 10:14:26 -04:00
assert . Less ( t , ruser . LastPictureUpdate , iuser . LastPictureUpdate , "LastPictureUpdate should be updated to a lower negative number" )
2018-10-02 02:04:38 -04:00
info := & model . FileInfo { Path : "users/" + user . Id + "/profile.png" }
2021-08-13 07:12:16 -04:00
err = th . cleanupTestFile ( info )
require . NoError ( t , err )
2018-10-02 02:04:38 -04:00
}
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
func TestLogin ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-11-20 11:28:39 -05:00
_ , err := th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2018-06-12 13:16:39 -04:00
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "missing password" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , "" )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.login.blank_pwd.app_error" )
2018-06-12 13:16:39 -04:00
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "unknown user" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . Login ( context . Background ( ) , "unknown" , th . BasicUser . Password )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.login.invalid_credentials_email_username" )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
2018-06-12 13:16:39 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "valid login" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
user , _ , err := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assert . Equal ( t , user . Id , th . BasicUser . Id )
} )
2018-06-12 13:16:39 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "bot login rejected" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
bot , _ , err := th . SystemAdminClient . CreateBot ( context . Background ( ) , & model . Bot {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
Username : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-06-12 13:16:39 -04:00
2023-06-06 17:29:29 -04:00
botUser , _ , err := th . SystemAdminClient . GetUser ( context . Background ( ) , bot . UserId , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-06-12 13:16:39 -04:00
2026-04-08 15:49:43 -04:00
botPassword := model . NewTestPassword ( )
_ , err = th . SystemAdminClient . UpdateUserPassword ( context . Background ( ) , bot . UserId , "" , botPassword )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2026-04-08 15:49:43 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , botUser . Email , botPassword )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.login.bot_login_forbidden.app_error" )
2018-06-12 13:16:39 -04:00
} )
2019-04-16 12:59:07 -04:00
2023-08-14 11:54:10 -04:00
t . Run ( "remote user login rejected" , func ( t * testing . T ) {
email := th . GenerateTestEmail ( )
2026-04-08 15:49:43 -04:00
remoteUserPassword := model . NewTestPassword ( )
user := model . User { Email : email , Nickname : "Darth Vader" , Password : remoteUserPassword , Username : GenerateTestUsername ( ) , Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId , RemoteId : model . NewPointer ( "remote-id" ) }
2024-05-22 05:20:02 -04:00
ruser , appErr := th . App . CreateUser ( th . Context , & user )
require . Nil ( t , appErr )
2023-08-14 11:54:10 -04:00
2024-06-03 10:11:30 -04:00
// remote user cannot reset password
2026-04-08 15:49:43 -04:00
_ , err := th . SystemAdminClient . UpdateUserPassword ( context . Background ( ) , ruser . Id , "" , model . NewTestPassword ( ) )
2024-06-03 10:11:30 -04:00
require . Error ( t , err )
2023-08-14 11:54:10 -04:00
2026-04-08 15:49:43 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , ruser . Email , remoteUserPassword )
2023-08-14 11:54:10 -04:00
CheckErrorID ( t , err , "api.user.login.remote_users.login.error" )
} )
2019-04-16 12:59:07 -04:00
t . Run ( "login with terms_of_service set" , func ( t * testing . T ) {
2021-08-13 07:12:16 -04:00
termsOfService , appErr := th . App . CreateTermsOfService ( "terms of service" , th . BasicUser . Id )
require . Nil ( t , appErr )
2019-04-16 12:59:07 -04:00
2023-06-06 17:29:29 -04:00
_ , err := th . Client . RegisterTermsOfServiceAction ( context . Background ( ) , th . BasicUser . Id , termsOfService . Id , true )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-04-16 12:59:07 -04:00
2023-06-06 17:29:29 -04:00
userTermsOfService , _ , err := th . Client . GetUserTermsOfService ( context . Background ( ) , th . BasicUser . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-04-16 12:59:07 -04:00
2023-06-06 17:29:29 -04:00
user , _ , err := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-04-16 12:59:07 -04:00
assert . Equal ( t , user . Id , th . BasicUser . Id )
assert . Equal ( t , user . TermsOfServiceId , userTermsOfService . TermsOfServiceId )
assert . Equal ( t , user . TermsOfServiceCreateAt , userTermsOfService . CreateAt )
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
}
2018-06-12 13:16:39 -04:00
2019-05-03 16:52:32 -04:00
func TestLoginCookies ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2019-06-11 15:09:00 -04:00
t . Run ( "should return cookies with X-Requested-With header" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-05-03 16:52:32 -04:00
2021-08-12 05:49:16 -04:00
th . Client . HTTPHeader [ model . HeaderRequestedWith ] = model . HeaderRequestedWithXML
2019-05-03 16:52:32 -04:00
2023-06-06 17:29:29 -04:00
user , resp , _ := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
2019-05-03 16:52:32 -04:00
2019-06-11 15:09:00 -04:00
sessionCookie := ""
userCookie := ""
csrfCookie := ""
for _ , cookie := range resp . Header [ "Set-Cookie" ] {
2021-07-12 14:05:36 -04:00
if match := regexp . MustCompile ( "^" + model . SessionCookieToken + "=([a-z0-9]+)" ) . FindStringSubmatch ( cookie ) ; match != nil {
2019-06-11 15:09:00 -04:00
sessionCookie = match [ 1 ]
2021-07-12 14:05:36 -04:00
} else if match := regexp . MustCompile ( "^" + model . SessionCookieUser + "=([a-z0-9]+)" ) . FindStringSubmatch ( cookie ) ; match != nil {
2019-06-11 15:09:00 -04:00
userCookie = match [ 1 ]
2021-07-12 14:05:36 -04:00
} else if match := regexp . MustCompile ( "^" + model . SessionCookieCsrf + "=([a-z0-9]+)" ) . FindStringSubmatch ( cookie ) ; match != nil {
2019-06-11 15:09:00 -04:00
csrfCookie = match [ 1 ]
}
}
2019-05-03 16:52:32 -04:00
2019-06-11 15:09:00 -04:00
session , _ := th . App . GetSession ( th . Client . AuthToken )
assert . Equal ( t , th . Client . AuthToken , sessionCookie )
assert . Equal ( t , user . Id , userCookie )
assert . Equal ( t , session . GetCSRF ( ) , csrfCookie )
} )
t . Run ( "should not return cookies without X-Requested-With header" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-06-11 15:09:00 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , _ := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
2019-06-11 15:09:00 -04:00
assert . Empty ( t , resp . Header . Get ( "Set-Cookie" ) )
} )
t . Run ( "should include subpath in path" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-06-11 15:09:00 -04:00
2021-08-12 05:49:16 -04:00
th . Client . HTTPHeader [ model . HeaderRequestedWith ] = model . HeaderRequestedWithXML
2019-06-11 15:09:00 -04:00
testCases := [ ] struct {
Description string
SiteURL string
ExpectedSetCookieHeaderRegexp string
} {
{ "no subpath" , "http://localhost:8065" , "^MMAUTHTOKEN=[a-z0-9]+; Path=/" } ,
{ "subpath" , "http://localhost:8065/subpath" , "^MMAUTHTOKEN=[a-z0-9]+; Path=/subpath" } ,
}
for _ , tc := range testCases {
t . Run ( tc . Description , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . SiteURL = tc . SiteURL
} )
2023-06-06 17:29:29 -04:00
user , resp , err := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-06-11 15:09:00 -04:00
assert . Equal ( t , user . Id , th . BasicUser . Id )
cookies := resp . Header . Get ( "Set-Cookie" )
assert . Regexp ( t , tc . ExpectedSetCookieHeaderRegexp , cookies )
} )
}
} )
2022-01-12 02:31:46 -05:00
t . Run ( "should return cookie with MMCLOUDURL for cloud installations" , func ( t * testing . T ) {
updateConfig := func ( cfg * model . Config ) {
* cfg . ServiceSettings . SiteURL = "https://testchips.cloud.mattermost.com"
}
2025-11-12 07:00:51 -05:00
th := SetupAndApplyConfigBeforeLogin ( t , updateConfig ) . InitBasic ( t )
2022-01-12 02:31:46 -05:00
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( "cloud" ) )
2022-07-26 10:47:09 -04:00
th . Client . HTTPHeader [ model . HeaderRequestedWith ] = model . HeaderRequestedWithXML
2023-06-06 17:29:29 -04:00
_ , resp , _ := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
2022-01-12 02:31:46 -05:00
2022-07-26 10:47:09 -04:00
found := false
cookies := resp . Header . Values ( "Set-Cookie" )
for i := range cookies {
if strings . Contains ( cookies [ i ] , "MMCLOUDURL" ) {
found = true
assert . Contains ( t , cookies [ i ] , "MMCLOUDURL=testchips;" , "should contain MMCLOUDURL" )
assert . Contains ( t , cookies [ i ] , "Domain=mattermost.com;" , "should contain Domain=mattermost.com" )
break
}
}
assert . True ( t , found , "Did not find MMCLOUDURL cookie" )
} )
t . Run ( "should return cookie with MMCLOUDURL for cloud installations when doing cws login" , func ( t * testing . T ) {
token := model . NewRandomString ( 64 )
2022-01-12 02:31:46 -05:00
2022-07-26 10:47:09 -04:00
updateConfig := func ( cfg * model . Config ) {
* cfg . ServiceSettings . SiteURL = "https://testchips.cloud.mattermost.com"
}
2025-11-12 07:00:51 -05:00
th := SetupAndApplyConfigBeforeLogin ( t , updateConfig ) . InitBasic ( t )
2022-07-26 10:47:09 -04:00
ci: enable fullyparallel mode for server tests (#35816)
* ci: enable fullyparallel mode for server tests
Replace os.Setenv, os.Chdir, and global state mutations with
parallel-safe alternatives (t.Setenv, t.Chdir, test hooks) across
37 files. Refactor GetLogRootPath and MM_INSTALL_TYPE to use
package-level test hooks instead of environment variables.
This enables gotestsum --fullparallel, allowing all test packages
to run with maximum parallelism within each shard.
Co-authored-by: Claude <claude@anthropic.com>
* ci: split fullyparallel from continue-on-error in workflow template
- Add new boolean input 'allow-failure' separate from 'fullyparallel'
- Change continue-on-error to use allow-failure instead of fullyparallel
- Update server-ci.yml to pass allow-failure: true for test coverage job
- Allows independent control of parallel execution and failure tolerance
Co-authored-by: Claude <claude@anthropic.com>
* fix: protect TestOverrideLogRootPath with sync.Mutex for parallel tests
- Replace global var TestOverrideLogRootPath with mutex-protected functions
- Add SetTestOverrideLogRootPath() and getTestOverrideLogRootPath() functions
- Update GetLogRootPath() to use thread-safe getter
- Update all test files to use SetTestOverrideLogRootPath() with t.Cleanup()
- Fixes race condition when running tests with t.Parallel()
Co-authored-by: Claude <claude@anthropic.com>
* fix: configure audit settings before server setup in tests
- Move ExperimentalAuditSettings from UpdateConfig() to config defaults
- Pass audit config via app.Config() option in SetupWithServerOptions()
- Fixes audit test setup ordering to configure BEFORE server initialization
- Resolves CodeRabbit's audit config timing issue in api4 tests
Co-authored-by: Claude <claude@anthropic.com>
* fix: implement SetTestOverrideLogRootPath mutex in logger.go
The previous commit updated test callers to use SetTestOverrideLogRootPath()
but didn't actually create the function in config/logger.go, causing build
failures across all CI shards. This commit:
- Replaces the exported var TestOverrideLogRootPath with mutex-protected
unexported state (testOverrideLogRootPath + testOverrideLogRootMu)
- Adds exported SetTestOverrideLogRootPath() setter
- Adds unexported getTestOverrideLogRootPath() getter
- Updates GetLogRootPath() to use the thread-safe getter
- Fixes log_test.go callers that were missed in the previous commit
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): use SetupConfig for access_control feature flag registration
InitAccessControlPolicy() checks FeatureFlags.AttributeBasedAccessControl
at route registration time during server startup. Setting the flag via
UpdateConfig after Setup() is too late — routes are never registered
and API calls return 404.
Use SetupConfig() to pass the feature flag in the initial config before
server startup, ensuring routes are properly registered.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore BurnOnRead flag state in TestRevealPost subtest
The 'feature not enabled' subtest disables BurnOnRead without restoring
it via t.Cleanup. Subsequent subtests inherit the disabled state, which
can cause 501 errors when they expect the feature to be available.
Add t.Cleanup to restore FeatureFlags.BurnOnRead = true after the
subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore EnableSharedChannelsMemberSync flag via t.Cleanup
The test disables EnableSharedChannelsMemberSync without restoring it.
If the subtest exits early (e.g., require failure), later sibling
subtests inherit a disabled flag and become flaky.
Add t.Cleanup to restore the flag after the subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* Fix test parallelism: use instance-scoped overrides and init-time audit config
Replace package-level test globals (TestOverrideInstallType,
SetTestOverrideLogRootPath) with fields on PlatformService so each test
gets its own instance without process-wide mutation. Fix three audit
tests (TestUserLoginAudit, TestLogoutAuditAuthStatus,
TestUpdatePasswordAudit) that configured the audit logger after server
init — the audit logger only reads config at startup, so pass audit
settings via app.Config() at init time instead.
Also revert the Go 1.24.13 downgrade and bump mattermost-govet to
v2.0.2 for Go 1.25.8 compatibility.
* Fix audit unit tests
* Fix MMCLOUDURL unit tests
* Fixed unit tests using MM_NOTIFY_ADMIN_COOL_OFF_DAYS
* Make app migrations idempotent for parallel test safety
Change System().Save() to System().SaveOrUpdate() in all migration
completion markers. When two parallel tests share a database pool entry,
both may race through the check-then-insert migration pattern. Save()
causes a duplicate key fatal crash; SaveOrUpdate() makes the second
write a harmless no-op.
* test: address review feedback on fullyparallel PR
- Use SetLogRootPathOverride() setter instead of direct field access
in platform/support_packet_test.go and platform/log_test.go (pvev)
- Restore TestGetLogRootPath in config/logger_test.go to keep
MM_LOG_PATH env var coverage; test uses t.Setenv so it runs
serially which is fine (pvev)
- Fix misleading comment in config_test.go: code uses t.Setenv,
not os.Setenv (jgheithcock)
Co-authored-by: Claude <claude@anthropic.com>
* fix: add missing os import in post_test.go
The os import was dropped during a merge conflict resolution while
burn-on-read shared channel tests from master still use os.Setenv.
Co-authored-by: Claude <claude@anthropic.com>
---------
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: wiggin77 <wiggin77@warpmail.net>
Co-authored-by: Mattermost Build <build@mattermost.com>
2026-04-08 20:48:36 -04:00
th . App . Srv ( ) . SetCWSTokenOverride ( token )
t . Cleanup ( func ( ) { th . App . Srv ( ) . SetCWSTokenOverride ( "" ) } )
2022-07-26 10:47:09 -04:00
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( "cloud" ) )
form := url . Values { }
form . Add ( "login_id" , th . SystemAdminUser . Email )
form . Add ( "cws_token" , token )
th . Client . HTTPClient . CheckRedirect = func ( req * http . Request , via [ ] * http . Request ) error {
return http . ErrUseLastResponse
}
2023-06-06 17:29:29 -04:00
r , _ := th . Client . DoAPIRequestWithHeaders ( context . Background ( ) ,
2022-07-26 10:47:09 -04:00
http . MethodPost ,
2026-01-29 09:26:47 -05:00
"/users/login/cws" ,
2022-07-26 10:47:09 -04:00
form . Encode ( ) ,
map [ string ] string {
"Content-Type" : "application/x-www-form-urlencoded" ,
} ,
)
defer closeBody ( r )
cookies := r . Cookies ( )
found := false
for i := range cookies {
if cookies [ i ] . Name == model . SessionCookieCloudUrl {
found = true
assert . Equal ( t , "testchips" , cookies [ i ] . Value )
}
}
assert . True ( t , found , "should have found cookie" )
2022-01-12 02:31:46 -05:00
} )
2022-01-17 10:50:40 -05:00
t . Run ( "should NOT return cookie with MMCLOUDURL for cloud installations without expected format of cloud URL" , func ( t * testing . T ) {
updateConfig := func ( cfg * model . Config ) {
* cfg . ServiceSettings . SiteURL = "https://testchips.com" // correct cloud URL would be https://testchips.cloud.mattermost.com
}
2025-11-12 07:00:51 -05:00
th := SetupAndApplyConfigBeforeLogin ( t , updateConfig ) . InitBasic ( t )
2022-01-17 10:50:40 -05:00
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( "cloud" ) )
2023-06-06 17:29:29 -04:00
_ , resp , _ := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
2022-01-17 10:50:40 -05:00
cloudSessionCookie := ""
for _ , cookie := range resp . Header [ "Set-Cookie" ] {
if match := regexp . MustCompile ( "^" + model . SessionCookieCloudUrl + "=([a-z0-9]+)" ) . FindStringSubmatch ( cookie ) ; match != nil {
cloudSessionCookie = match [ 1 ]
}
}
// no cookie set
assert . Equal ( t , "" , cloudSessionCookie )
} )
2022-01-12 02:31:46 -05:00
t . Run ( "should NOT return cookie with MMCLOUDURL for NON cloud installations" , func ( t * testing . T ) {
updateConfig := func ( cfg * model . Config ) {
* cfg . ServiceSettings . SiteURL = "https://testchips.com"
}
2025-11-12 07:00:51 -05:00
th := SetupAndApplyConfigBeforeLogin ( t , updateConfig ) . InitBasic ( t )
2022-01-12 02:31:46 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , _ := th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
2022-01-12 02:31:46 -05:00
cloudSessionCookie := ""
for _ , cookie := range resp . Header [ "Set-Cookie" ] {
if match := regexp . MustCompile ( "^" + model . SessionCookieCloudUrl + "=([a-z0-9]+)" ) . FindStringSubmatch ( cookie ) ; match != nil {
cloudSessionCookie = match [ 1 ]
}
}
// no cookie set
assert . Equal ( t , "" , cloudSessionCookie )
} )
2019-05-03 16:52:32 -04:00
}
2017-04-10 08:19:49 -04:00
func TestSwitchAccount ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-04-10 08:19:49 -04:00
2019-01-31 08:12:01 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GitLabSettings . Enable = true } )
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
// setupUserAuth configures the test user's auth state and session.
// Pass empty string for authService to reset to email/password auth.
// If loggedIn is true, ensures the user has a valid session.
setupUserAuth := func ( t * testing . T , authService string , loggedIn bool ) {
t . Helper ( )
// Always start by resetting to email auth so we can login
_ , err := th . App . Srv ( ) . Store ( ) . User ( ) . UpdateAuthData ( th . BasicUser . Id , "" , nil , "" , true )
require . NoError ( t , err )
user , appErr := th . App . GetUser ( th . BasicUser . Id )
require . Nil ( t , appErr )
appErr = th . App . UpdatePassword ( th . Context , user , th . BasicUser . Password )
require . Nil ( t , appErr )
if loggedIn {
// Login while user is still email auth
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
require . NoError ( t , err )
} else {
_ , _ = th . Client . Logout ( context . Background ( ) )
}
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
// Now change auth service if needed (session remains valid)
if authService != "" {
fakeAuthData := model . NewId ( )
_ , err = th . App . Srv ( ) . Store ( ) . User ( ) . UpdateAuthData ( th . BasicUser . Id , authService , & fakeAuthData , th . BasicUser . Email , true )
require . NoError ( t , err )
}
2017-04-10 08:19:49 -04:00
}
2026-01-29 11:14:19 -05:00
t . Run ( "Email to GitLab switch returns OAuth link" , func ( t * testing . T ) {
setupUserAuth ( t , "" , false )
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceEmail ,
NewService : model . UserAuthServiceGitlab ,
Email : th . BasicUser . Email ,
Password : th . BasicUser . Password ,
}
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
link , _ , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . NoError ( t , err )
require . NotEmpty ( t , link , "expected OAuth link" )
} )
2017-11-28 14:46:48 -05:00
2026-01-29 11:14:19 -05:00
t . Run ( "Auth transfer disabled" , func ( t * testing . T ) {
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( ) )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . ExperimentalEnableAuthenticationTransfer = false } )
t . Cleanup ( func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . ExperimentalEnableAuthenticationTransfer = true } )
} )
2017-11-28 14:46:48 -05:00
2026-01-29 11:14:19 -05:00
t . Run ( "Email to GitLab forbidden" , func ( t * testing . T ) {
setupUserAuth ( t , "" , false )
2017-11-28 14:46:48 -05:00
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceEmail ,
NewService : model . UserAuthServiceGitlab ,
}
2017-11-28 14:46:48 -05:00
2026-01-29 11:14:19 -05:00
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
2017-11-28 14:46:48 -05:00
2026-01-29 11:14:19 -05:00
t . Run ( "SAML to Email forbidden" , func ( t * testing . T ) {
setupUserAuth ( t , "" , true )
2017-11-28 14:46:48 -05:00
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceSaml ,
NewService : model . UserAuthServiceEmail ,
Email : th . BasicUser . Email ,
NewPassword : th . BasicUser . Password ,
}
2017-11-28 14:46:48 -05:00
2026-01-29 11:14:19 -05:00
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
2017-11-28 14:46:48 -05:00
2026-01-29 11:14:19 -05:00
t . Run ( "Email to LDAP forbidden" , func ( t * testing . T ) {
setupUserAuth ( t , "" , true )
2017-11-28 14:46:48 -05:00
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceEmail ,
NewService : model . UserAuthServiceLdap ,
}
2017-11-28 14:46:48 -05:00
2026-01-29 11:14:19 -05:00
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
2017-11-28 14:46:48 -05:00
2026-01-29 11:14:19 -05:00
t . Run ( "LDAP to Email forbidden" , func ( t * testing . T ) {
setupUserAuth ( t , "" , true )
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceLdap ,
NewService : model . UserAuthServiceEmail ,
}
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
} )
t . Run ( "OAuth to Email" , func ( t * testing . T ) {
t . Run ( "Email user cannot switch claiming OAuth auth" , func ( t * testing . T ) {
// MM-67202: Verify that an email/password user cannot bypass password confirmation
setupUserAuth ( t , "" , true )
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceGitlab ,
NewService : model . UserAuthServiceEmail ,
Email : th . BasicUser . Email ,
2026-04-08 15:49:43 -04:00
NewPassword : model . NewTestPassword ( ) ,
2026-01-29 11:14:19 -05:00
}
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . Error ( t , err )
assert . Equal ( t , "api.user.oauth_to_email.not_oauth_user.app_error" , err . ( * model . AppError ) . Id )
CheckBadRequestStatus ( t , resp )
} )
t . Run ( "GitLab user can switch to email" , func ( t * testing . T ) {
setupUserAuth ( t , model . UserAuthServiceGitlab , true )
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceGitlab ,
NewService : model . UserAuthServiceEmail ,
Email : th . BasicUser . Email ,
NewPassword : th . BasicUser . Password ,
}
2024-04-12 11:15:01 -04:00
2026-01-29 11:14:19 -05:00
link , _ , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . NoError ( t , err )
require . Equal ( t , "/login?extra=signin_change" , link )
} )
t . Run ( "Disabled if EnableSignUpWithEmail is false" , func ( t * testing . T ) {
setupUserAuth ( t , model . UserAuthServiceGitlab , true )
2024-04-12 11:15:01 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . EmailSettings . EnableSignUpWithEmail = false } )
t . Cleanup ( func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . EmailSettings . EnableSignUpWithEmail = true } )
} )
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceGitlab ,
NewService : model . UserAuthServiceEmail ,
Email : th . BasicUser . Email ,
NewPassword : th . BasicUser . Password ,
}
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
2024-04-12 11:15:01 -04:00
require . Error ( t , err )
assert . Equal ( t , "api.user.auth_switch.not_available.email_signup_disabled.app_error" , err . ( * model . AppError ) . Id )
CheckForbiddenStatus ( t , resp )
} )
2026-01-29 11:14:19 -05:00
t . Run ( "Disabled if EnableSignInWithEmail and EnableSignInWithUsername are false" , func ( t * testing . T ) {
setupUserAuth ( t , model . UserAuthServiceGitlab , true )
2024-04-12 11:15:01 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . EmailSettings . EnableSignInWithEmail = false
* cfg . EmailSettings . EnableSignInWithUsername = false
} )
t . Cleanup ( func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . EmailSettings . EnableSignInWithEmail = true
* cfg . EmailSettings . EnableSignInWithUsername = true
} )
} )
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceGitlab ,
NewService : model . UserAuthServiceEmail ,
Email : th . BasicUser . Email ,
NewPassword : th . BasicUser . Password ,
}
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
2024-04-12 11:15:01 -04:00
require . Error ( t , err )
assert . Equal ( t , "api.user.auth_switch.not_available.login_disabled.app_error" , err . ( * model . AppError ) . Id )
CheckForbiddenStatus ( t , resp )
} )
2026-01-29 11:14:19 -05:00
t . Run ( "Without session returns unauthorized" , func ( t * testing . T ) {
setupUserAuth ( t , model . UserAuthServiceGitlab , false )
2024-04-12 11:15:01 -04:00
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceGitlab ,
NewService : model . UserAuthServiceEmail ,
Email : th . BasicUser . Email ,
NewPassword : th . BasicUser . Password ,
}
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . Error ( t , err )
CheckUnauthorizedStatus ( t , resp )
2024-04-12 11:15:01 -04:00
} )
2026-01-29 11:14:19 -05:00
} )
2024-04-12 11:15:01 -04:00
2026-01-29 11:14:19 -05:00
t . Run ( "LDAP to Email" , func ( t * testing . T ) {
t . Run ( "Non-LDAP user cannot switch claiming LDAP auth" , func ( t * testing . T ) {
// MM-67202: Verify that a non-LDAP user cannot bypass password confirmation
setupUserAuth ( t , model . ServiceOpenid , true )
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceLdap ,
NewService : model . UserAuthServiceEmail ,
Email : th . BasicUser . Email ,
NewPassword : th . BasicUser . Password ,
}
2024-04-12 11:15:01 -04:00
2026-01-29 11:14:19 -05:00
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . Error ( t , err )
assert . Equal ( t , "api.user.ldap_to_email.not_ldap_account.app_error" , err . ( * model . AppError ) . Id )
CheckBadRequestStatus ( t , resp )
} )
t . Run ( "Disabled if EnableSignUpWithEmail is false" , func ( t * testing . T ) {
setupUserAuth ( t , model . UserAuthServiceLdap , true )
2024-04-12 11:15:01 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . EmailSettings . EnableSignUpWithEmail = false } )
t . Cleanup ( func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . EmailSettings . EnableSignUpWithEmail = true } )
} )
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceLdap ,
NewService : model . UserAuthServiceEmail ,
Email : th . BasicUser . Email ,
NewPassword : th . BasicUser . Password ,
}
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
2024-04-12 11:15:01 -04:00
require . Error ( t , err )
assert . Equal ( t , "api.user.auth_switch.not_available.email_signup_disabled.app_error" , err . ( * model . AppError ) . Id )
CheckForbiddenStatus ( t , resp )
} )
2026-01-29 11:14:19 -05:00
t . Run ( "Disabled if EnableSignInWithEmail and EnableSignInWithUsername are false" , func ( t * testing . T ) {
setupUserAuth ( t , model . UserAuthServiceLdap , true )
2024-04-12 11:15:01 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . EmailSettings . EnableSignInWithEmail = false
* cfg . EmailSettings . EnableSignInWithUsername = false
} )
t . Cleanup ( func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . EmailSettings . EnableSignInWithEmail = true
* cfg . EmailSettings . EnableSignInWithUsername = true
} )
} )
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceLdap ,
NewService : model . UserAuthServiceEmail ,
Email : th . BasicUser . Email ,
NewPassword : th . BasicUser . Password ,
}
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
2024-04-12 11:15:01 -04:00
require . Error ( t , err )
assert . Equal ( t , "api.user.auth_switch.not_available.login_disabled.app_error" , err . ( * model . AppError ) . Id )
CheckForbiddenStatus ( t , resp )
} )
} )
2026-01-29 11:14:19 -05:00
t . Run ( "OAuth to OAuth switch is invalid" , func ( t * testing . T ) {
setupUserAuth ( t , model . UserAuthServiceGitlab , true )
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceGitlab ,
NewService : model . ServiceGoogle ,
}
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . Error ( t , err )
CheckBadRequestStatus ( t , resp )
} )
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
t . Run ( "Email to OAuth without email returns not found" , func ( t * testing . T ) {
setupUserAuth ( t , "" , true )
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceEmail ,
NewService : model . UserAuthServiceGitlab ,
Password : th . BasicUser . Password ,
}
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . Error ( t , err )
CheckNotFoundStatus ( t , resp )
} )
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
t . Run ( "Email to OAuth without password returns unauthorized" , func ( t * testing . T ) {
setupUserAuth ( t , "" , true )
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceEmail ,
NewService : model . UserAuthServiceGitlab ,
Email : th . BasicUser . Email ,
}
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
_ , resp , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . Error ( t , err )
CheckUnauthorizedStatus ( t , resp )
} )
2017-04-10 08:19:49 -04:00
2026-01-29 11:14:19 -05:00
t . Run ( "Email to SAML switch succeeds" , func ( t * testing . T ) {
setupUserAuth ( t , "" , true )
2024-02-09 11:17:28 -05:00
2026-01-29 11:14:19 -05:00
sr := & model . SwitchRequest {
CurrentService : model . UserAuthServiceEmail ,
NewService : model . UserAuthServiceSaml ,
Email : th . BasicUser . Email ,
Password : th . BasicUser . Password ,
}
2024-02-09 11:17:28 -05:00
2026-01-29 11:14:19 -05:00
link , _ , err := th . Client . SwitchAccountType ( context . Background ( ) , sr )
require . NoError ( t , err )
2024-02-09 11:17:28 -05:00
2026-01-29 11:14:19 -05:00
values , parseErr := url . ParseQuery ( link )
require . NoError ( t , parseErr )
2024-02-09 11:17:28 -05:00
2026-01-29 11:14:19 -05:00
appToken , tokenErr := th . App . Srv ( ) . Store ( ) . Token ( ) . GetByToken ( values . Get ( "email_token" ) )
require . NoError ( t , tokenErr )
require . Equal ( t , th . BasicUser . Email , appToken . Extra )
} )
2017-04-10 08:19:49 -04:00
}
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
func assertToken ( t * testing . T , th * TestHelper , token * model . UserAccessToken , expectedUserId string ) {
t . Helper ( )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
oldSessionToken := th . Client . AuthToken
defer func ( ) { th . Client . AuthToken = oldSessionToken } ( )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . Client . AuthToken = token . Token
2023-06-06 17:29:29 -04:00
ruser , _ , err := th . Client . GetMe ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assert . Equal ( t , expectedUserId , ruser . Id , "returned wrong user" )
}
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
func assertInvalidToken ( t * testing . T , th * TestHelper , token * model . UserAccessToken ) {
t . Helper ( )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
oldSessionToken := th . Client . AuthToken
defer func ( ) { th . Client . AuthToken = oldSessionToken } ( )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . Client . AuthToken = token . Token
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetMe ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckUnauthorizedStatus ( t , resp )
}
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
func TestCreateUserAccessToken ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "create token without permission" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
2017-07-31 12:59:32 -04:00
2020-06-12 06:59:05 -04:00
t . Run ( "system admin and local mode can create access token" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-06-12 06:59:05 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
rtoken , _ , err := client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 06:59:05 -04:00
assert . Equal ( t , th . BasicUser . Id , rtoken . UserId , "wrong user id" )
assert . NotEmpty ( t , rtoken . Token , "token should not be empty" )
assert . NotEmpty ( t , rtoken . Id , "id should not be empty" )
assert . Equal ( t , "test token" , rtoken . Description , "description did not match" )
assert . True ( t , rtoken . IsActive , "token should be active" )
assertToken ( t , th , rtoken , th . BasicUser . Id )
} )
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "create token for invalid user id" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-07-31 12:59:32 -04:00
2020-06-12 06:59:05 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
_ , resp , err := client . CreateUserAccessToken ( context . Background ( ) , "notarealuserid" , "test token" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-12 06:59:05 -04:00
CheckBadRequestStatus ( t , resp )
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "create token with invalid value" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-07-31 12:59:32 -04:00
2020-06-12 06:59:05 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
_ , resp , err := client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-12 06:59:05 -04:00
CheckBadRequestStatus ( t , resp )
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "create token with user access tokens disabled" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = false } )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2017-10-04 11:04:56 -04:00
2020-06-12 06:59:05 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
_ , resp , err := client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-12 06:59:05 -04:00
CheckNotImplementedStatus ( t , resp )
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
2017-10-04 11:04:56 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "create user access token" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-10-04 11:04:56 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
rtoken , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assert . Equal ( t , th . BasicUser . Id , rtoken . UserId , "wrong user id" )
assert . NotEmpty ( t , rtoken . Token , "token should not be empty" )
assert . NotEmpty ( t , rtoken . Id , "id should not be empty" )
assert . Equal ( t , "test token" , rtoken . Description , "description did not match" )
assert . True ( t , rtoken . IsActive , "token should be active" )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assertToken ( t , th , rtoken , th . BasicUser . Id )
} )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "create user access token as second user, without permission" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser2 . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
2017-07-31 12:59:32 -04:00
2023-04-03 14:30:07 -04:00
t . Run ( "create user access token for another user, with permission" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2023-04-03 14:30:07 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionEditOtherUsers . Id , model . SystemUserManagerRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserManagerRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2023-04-03 14:30:07 -04:00
2023-06-06 17:29:29 -04:00
rtoken , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser2 . Id , "test token" )
2023-04-03 14:30:07 -04:00
require . NoError ( t , err )
assert . Equal ( t , th . BasicUser2 . Id , rtoken . UserId )
oldSessionToken := th . Client . AuthToken
defer func ( ) { th . Client . AuthToken = oldSessionToken } ( )
assertToken ( t , th , rtoken , th . BasicUser2 . Id )
} )
t . Run ( "create user access token for system admin, as system user manager" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2023-04-03 14:30:07 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionEditOtherUsers . Id , model . SystemUserManagerRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserManagerRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2023-04-03 14:30:07 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . SystemAdminUser . Id , "test token" )
2023-04-03 14:30:07 -04:00
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "create user access token for basic user as a system admin" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
rtoken , _ , err := th . SystemAdminClient . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assert . Equal ( t , th . BasicUser . Id , rtoken . UserId )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
oldSessionToken := th . Client . AuthToken
defer func ( ) { th . Client . AuthToken = oldSessionToken } ( )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assertToken ( t , th , rtoken , th . BasicUser . Id )
} )
2017-07-31 12:59:32 -04:00
2024-06-25 09:26:08 -04:00
t . Run ( "create user access token for remote user as a system admin" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-06-25 09:26:08 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
// make a remote user
remoteUser , appErr := th . App . CreateUser ( request . TestContext ( t ) , & model . User {
Username : "remoteuser" ,
2024-08-05 23:45:00 -04:00
RemoteId : model . NewPointer ( model . NewId ( ) ) ,
2024-06-25 09:26:08 -04:00
Password : model . NewId ( ) ,
Email : "remoteuser@example.com" ,
} )
require . Nil ( t , appErr )
_ , resp , err := th . SystemAdminClient . CreateUserAccessToken ( context . Background ( ) , remoteUser . Id , "test token" )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp ) // remote users are not allowed to have access tokens
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "create access token as oauth session" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
session , _ := th . App . GetSession ( th . Client . AuthToken )
session . IsOAuth = true
th . App . AddSessionToCache ( session )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "create access token for bot created by user" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2018-01-17 13:38:37 -05:00
2025-11-12 07:00:51 -05:00
defaultPerms := th . SaveDefaultRolePermissions ( t )
defer th . RestoreDefaultRolePermissions ( t , defaultPerms )
th . AddPermissionToRole ( t , model . PermissionCreateBot . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionCreateUserAccessToken . Id , model . TeamUserRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . TeamUserRoleId , false )
require . Nil ( t , appErr )
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
2018-01-17 13:38:37 -05:00
2023-06-06 17:29:29 -04:00
createdBot , resp , err := th . Client . CreateBot ( context . Background ( ) , & model . Bot {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteBot ( th . Context , createdBot . UserId )
require . Nil ( t , appErr )
} ( )
2018-01-17 13:38:37 -05:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "without MANAGE_BOT permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . RemovePermissionFromRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
2018-01-17 13:38:37 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
2018-01-17 13:38:37 -05:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "with MANAGE_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assert . Equal ( t , createdBot . UserId , token . UserId )
assertToken ( t , th , token , createdBot . UserId )
} )
} )
2018-01-17 13:38:37 -05:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "create access token for bot created by another user, only having MANAGE_BOTS permission" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2018-01-17 13:38:37 -05:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2018-01-17 13:38:37 -05:00
2025-11-12 07:00:51 -05:00
defaultPerms := th . SaveDefaultRolePermissions ( t )
defer th . RestoreDefaultRolePermissions ( t , defaultPerms )
th . AddPermissionToRole ( t , model . PermissionCreateBot . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionCreateUserAccessToken . Id , model . TeamUserRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . TeamUserRoleId , false )
require . Nil ( t , appErr )
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
2018-01-17 13:38:37 -05:00
2023-06-06 17:29:29 -04:00
createdBot , resp , err := th . SystemAdminClient . CreateBot ( context . Background ( ) , & model . Bot {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteBot ( th . Context , createdBot . UserId )
require . Nil ( t , appErr )
} ( )
2018-01-17 13:38:37 -05:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "only having MANAGE_BOTS permission" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
2018-01-17 13:38:37 -05:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "with MANAGE_OTHERS_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionManageOthersBots . Id , model . TeamUserRoleId )
2018-01-17 13:38:37 -05:00
2023-06-06 17:29:29 -04:00
rtoken , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assert . Equal ( t , createdBot . UserId , rtoken . UserId )
2018-01-17 13:38:37 -05:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assertToken ( t , th , rtoken , createdBot . UserId )
} )
} )
}
2018-01-17 13:38:37 -05:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
func TestGetUserAccessToken ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "get for invalid user id" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2018-01-17 13:38:37 -05:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2018-01-17 13:38:37 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUserAccessToken ( context . Background ( ) , "123" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckBadRequestStatus ( t , resp )
} )
2018-01-17 13:38:37 -05:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "get for unknown user id" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2018-01-11 16:30:55 -05:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUserAccessToken ( context . Background ( ) , model . NewId ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "get my token" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
rtoken , _ , err := th . Client . GetUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assert . Equal ( t , th . BasicUser . Id , rtoken . UserId , "wrong user id" )
assert . Empty ( t , rtoken . Token , "token should be blank" )
assert . NotEmpty ( t , rtoken . Id , "id should not be empty" )
assert . Equal ( t , "test token" , rtoken . Description , "description did not match" )
} )
2017-10-20 20:26:45 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "get user token as system admin" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-07-31 12:59:32 -04:00
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
rtoken , _ , err := th . SystemAdminClient . GetUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assert . Equal ( t , th . BasicUser . Id , rtoken . UserId , "wrong user id" )
assert . Empty ( t , rtoken . Token , "token should be blank" )
assert . NotEmpty ( t , rtoken . Id , "id should not be empty" )
assert . Equal ( t , "test token" , rtoken . Description , "description did not match" )
} )
t . Run ( "get token for bot created by user" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2025-11-12 07:00:51 -05:00
defaultPerms := th . SaveDefaultRolePermissions ( t )
defer th . RestoreDefaultRolePermissions ( t , defaultPerms )
th . AddPermissionToRole ( t , model . PermissionCreateBot . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionCreateUserAccessToken . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionReadUserAccessToken . Id , model . TeamUserRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . TeamUserRoleId , false )
require . Nil ( t , appErr )
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
createdBot , resp , err := th . Client . CreateBot ( context . Background ( ) , & model . Bot {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteBot ( th . Context , createdBot . UserId )
require . Nil ( t , appErr )
} ( )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "without MANAGE_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . RemovePermissionFromRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "with MANAGE_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
returnedToken , _ , err := th . Client . GetUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
// Actual token won't be returned.
returnedToken . Token = token . Token
assert . Equal ( t , token , returnedToken )
} )
} )
t . Run ( "get token for bot created by another user" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2025-11-12 07:00:51 -05:00
defaultPerms := th . SaveDefaultRolePermissions ( t )
defer th . RestoreDefaultRolePermissions ( t , defaultPerms )
th . AddPermissionToRole ( t , model . PermissionCreateBot . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionCreateUserAccessToken . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionReadUserAccessToken . Id , model . TeamUserRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . TeamUserRoleId , false )
require . Nil ( t , appErr )
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
createdBot , resp , err := th . SystemAdminClient . CreateBot ( context . Background ( ) , & model . Bot {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteBot ( th . Context , createdBot . UserId )
require . Nil ( t , appErr )
} ( )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
token , _ , err := th . SystemAdminClient . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "only having MANAGE_BOTS permission" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "with MANAGE_OTHERS_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionManageOthersBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
returnedToken , _ , err := th . Client . GetUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
// Actual token won't be returned.
returnedToken . Token = token . Token
assert . Equal ( t , token , returnedToken )
} )
} )
2017-07-31 12:59:32 -04:00
}
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
func TestGetUserAccessTokensForUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "multiple tokens, offset 0, limit 100" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-10-19 08:10:29 -04:00
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-10-19 08:10:29 -04:00
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2017-10-19 08:10:29 -04:00
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-10-19 08:10:29 -04:00
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token 2" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-10-19 08:10:29 -04:00
2020-06-12 06:59:05 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
rtokens , _ , err := client . GetUserAccessTokensForUser ( context . Background ( ) , th . BasicUser . Id , 0 , 100 )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2020-06-12 06:59:05 -04:00
assert . Len ( t , rtokens , 2 , "should have 2 tokens" )
for _ , uat := range rtokens {
assert . Equal ( t , th . BasicUser . Id , uat . UserId , "wrong user id" )
}
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
t . Run ( "multiple tokens, offset 1, limit 1" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token 2" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2020-06-12 06:59:05 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
rtokens , _ , err := client . GetUserAccessTokensForUser ( context . Background ( ) , th . BasicUser . Id , 1 , 1 )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2020-06-12 06:59:05 -04:00
assert . Len ( t , rtokens , 1 , "should have 1 tokens" )
for _ , uat := range rtokens {
assert . Equal ( t , th . BasicUser . Id , uat . UserId , "wrong user id" )
}
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
2017-10-19 08:10:29 -04:00
}
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
func TestGetUserAccessTokens ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "GetUserAccessTokens, not a system admin" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUserAccessTokens ( context . Background ( ) , 0 , 100 )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "GetUserAccessTokens, as a system admin, page 1, perPage 1" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token 2" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token 2" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
rtokens , _ , err := th . SystemAdminClient . GetUserAccessTokens ( context . Background ( ) , 1 , 1 )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assert . Len ( t , rtokens , 1 , "should have 1 token" )
} )
t . Run ( "GetUserAccessTokens, as a system admin, page 0, perPage 2" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token 2" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token 2" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
rtokens , _ , err := th . SystemAdminClient . GetUserAccessTokens ( context . Background ( ) , 0 , 2 )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assert . Len ( t , rtokens , 2 , "should have 2 tokens" )
} )
}
func TestSearchUserAccessToken ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-10-19 08:10:29 -04:00
testDescription := "test token"
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-10-19 08:10:29 -04:00
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , testDescription )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-10-19 08:10:29 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . SearchUserAccessTokens ( context . Background ( ) , & model . UserAccessTokenSearch { Term : token . Id } )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
rtokens , _ , err := th . SystemAdminClient . SearchUserAccessTokens ( context . Background ( ) , & model . UserAccessTokenSearch { Term : th . BasicUser . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-10-19 08:10:29 -04:00
2019-11-15 09:13:32 -05:00
require . Len ( t , rtokens , 1 , "should have 1 token" )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
rtokens , _ , err = th . SystemAdminClient . SearchUserAccessTokens ( context . Background ( ) , & model . UserAccessTokenSearch { Term : token . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-10-19 08:10:29 -04:00
2019-11-15 09:13:32 -05:00
require . Len ( t , rtokens , 1 , "should have 1 token" )
2017-10-19 08:10:29 -04:00
2023-06-06 17:29:29 -04:00
rtokens , _ , err = th . SystemAdminClient . SearchUserAccessTokens ( context . Background ( ) , & model . UserAccessTokenSearch { Term : th . BasicUser . Username } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-10-19 08:10:29 -04:00
2019-11-15 09:13:32 -05:00
require . Len ( t , rtokens , 1 , "should have 1 token" )
2017-10-19 08:10:29 -04:00
2023-06-06 17:29:29 -04:00
rtokens , _ , err = th . SystemAdminClient . SearchUserAccessTokens ( context . Background ( ) , & model . UserAccessTokenSearch { Term : "not found" } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2019-12-22 06:35:31 -05:00
require . Empty ( t , rtokens , "should have 1 tokens" )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
}
func TestRevokeUserAccessToken ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "revoke user token" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2020-06-12 06:59:05 -04:00
th . TestForAllClients ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
token , _ , err := client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-12 06:59:05 -04:00
assertToken ( t , th , token , th . BasicUser . Id )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , err = client . RevokeUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2020-06-12 06:59:05 -04:00
assertInvalidToken ( t , th , token )
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
t . Run ( "revoke token belonging to another user" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2023-06-06 17:29:29 -04:00
token , _ , err := th . SystemAdminClient . CreateUserAccessToken ( context . Background ( ) , th . BasicUser2 . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . RevokeUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "revoke token for bot created by user" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2025-11-12 07:00:51 -05:00
defaultPerms := th . SaveDefaultRolePermissions ( t )
defer th . RestoreDefaultRolePermissions ( t , defaultPerms )
th . AddPermissionToRole ( t , model . PermissionCreateBot . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionCreateUserAccessToken . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionRevokeUserAccessToken . Id , model . TeamUserRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . TeamUserRoleId , false )
require . Nil ( t , appErr )
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
createdBot , resp , err := th . Client . CreateBot ( context . Background ( ) , & model . Bot {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteBot ( th . Context , createdBot . UserId )
require . Nil ( t , appErr )
} ( )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "without MANAGE_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . RemovePermissionFromRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . RevokeUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "with MANAGE_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , err := th . Client . RevokeUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
} )
t . Run ( "revoke token for bot created by another user" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2025-11-12 07:00:51 -05:00
defaultPerms := th . SaveDefaultRolePermissions ( t )
defer th . RestoreDefaultRolePermissions ( t , defaultPerms )
th . AddPermissionToRole ( t , model . PermissionCreateBot . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionCreateUserAccessToken . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionRevokeUserAccessToken . Id , model . TeamUserRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . TeamUserRoleId , false )
require . Nil ( t , appErr )
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
createdBot , resp , err := th . SystemAdminClient . CreateBot ( context . Background ( ) , & model . Bot {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteBot ( th . Context , createdBot . UserId )
require . Nil ( t , appErr )
} ( )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
token , _ , err := th . SystemAdminClient . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "only having MANAGE_BOTS permission" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
resp , err = th . Client . RevokeUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "with MANAGE_OTHERS_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionManageOthersBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , err := th . Client . RevokeUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
} )
}
func TestDisableUserAccessToken ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "disable user token" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assertToken ( t , th , token , th . BasicUser . Id )
2023-06-06 17:29:29 -04:00
_ , err = th . Client . DisableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assertInvalidToken ( t , th , token )
} )
t . Run ( "disable token belonging to another user" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2023-06-06 17:29:29 -04:00
token , _ , err := th . SystemAdminClient . CreateUserAccessToken ( context . Background ( ) , th . BasicUser2 . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . DisableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "disable token for bot created by user" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2025-11-12 07:00:51 -05:00
defaultPerms := th . SaveDefaultRolePermissions ( t )
defer th . RestoreDefaultRolePermissions ( t , defaultPerms )
th . AddPermissionToRole ( t , model . PermissionCreateBot . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionCreateUserAccessToken . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionRevokeUserAccessToken . Id , model . TeamUserRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . TeamUserRoleId , false )
require . Nil ( t , appErr )
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
createdBot , resp , err := th . Client . CreateBot ( context . Background ( ) , & model . Bot {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteBot ( th . Context , createdBot . UserId )
require . Nil ( t , appErr )
} ( )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "without MANAGE_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . RemovePermissionFromRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . DisableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "with MANAGE_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , err := th . Client . DisableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
} )
t . Run ( "disable token for bot created by another user" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2025-11-12 07:00:51 -05:00
defaultPerms := th . SaveDefaultRolePermissions ( t )
defer th . RestoreDefaultRolePermissions ( t , defaultPerms )
th . AddPermissionToRole ( t , model . PermissionCreateBot . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionCreateUserAccessToken . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionRevokeUserAccessToken . Id , model . TeamUserRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . TeamUserRoleId , false )
require . Nil ( t , appErr )
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
createdBot , resp , err := th . SystemAdminClient . CreateBot ( context . Background ( ) , & model . Bot {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteBot ( th . Context , createdBot . UserId )
require . Nil ( t , appErr )
} ( )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
token , _ , err := th . SystemAdminClient . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "only having MANAGE_BOTS permission" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
resp , err = th . Client . DisableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "with MANAGE_OTHERS_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionManageOthersBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , err := th . Client . DisableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
} )
}
func TestEnableUserAccessToken ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "enable user token" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assertToken ( t , th , token , th . BasicUser . Id )
2023-06-06 17:29:29 -04:00
_ , err = th . Client . DisableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assertInvalidToken ( t , th , token )
2023-06-06 17:29:29 -04:00
_ , err = th . Client . EnableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
assertToken ( t , th , token , th . BasicUser . Id )
} )
t . Run ( "enable token belonging to another user" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2023-06-06 17:29:29 -04:00
token , _ , err := th . SystemAdminClient . CreateUserAccessToken ( context . Background ( ) , th . BasicUser2 . Id , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , err = th . SystemAdminClient . DisableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . DisableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "enable token for bot created by user" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2025-11-12 07:00:51 -05:00
defaultPerms := th . SaveDefaultRolePermissions ( t )
defer th . RestoreDefaultRolePermissions ( t , defaultPerms )
th . AddPermissionToRole ( t , model . PermissionCreateBot . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionCreateUserAccessToken . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionRevokeUserAccessToken . Id , model . TeamUserRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . TeamUserRoleId , false )
require . Nil ( t , appErr )
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
createdBot , resp , err := th . Client . CreateBot ( context . Background ( ) , & model . Bot {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteBot ( th . Context , createdBot . UserId )
require . Nil ( t , appErr )
} ( )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , err = th . Client . DisableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "without MANAGE_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . RemovePermissionFromRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
resp , err2 := th . Client . EnableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err2 )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "with MANAGE_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , err = th . Client . EnableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
} )
t . Run ( "enable token for bot created by another user" , func ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2025-11-12 07:00:51 -05:00
defaultPerms := th . SaveDefaultRolePermissions ( t )
defer th . RestoreDefaultRolePermissions ( t , defaultPerms )
th . AddPermissionToRole ( t , model . PermissionCreateBot . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionManageBots . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionCreateUserAccessToken . Id , model . TeamUserRoleId )
th . AddPermissionToRole ( t , model . PermissionRevokeUserAccessToken . Id , model . TeamUserRoleId )
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . TeamUserRoleId , false )
require . Nil ( t , appErr )
2019-05-13 10:48:32 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
2019-05-23 16:03:22 -04:00
* cfg . ServiceSettings . EnableBotAccountCreation = true
2019-05-13 10:48:32 -04:00
} )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
createdBot , resp , err := th . SystemAdminClient . CreateBot ( context . Background ( ) , & model . Bot {
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteBot ( th . Context , createdBot . UserId )
require . Nil ( t , appErr )
} ( )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
token , _ , err := th . SystemAdminClient . CreateUserAccessToken ( context . Background ( ) , createdBot . UserId , "test token" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , err = th . SystemAdminClient . DisableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
t . Run ( "only having MANAGE_BOTS permission" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
resp , err2 := th . Client . EnableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err2 )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "with MANAGE_OTHERS_BOTS permission" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionManageOthersBots . Id , model . TeamUserRoleId )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
2023-06-06 17:29:29 -04:00
_ , err = th . Client . EnableUserAccessToken ( context . Background ( ) , token . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
MM-12393 Server side of bot accounts. (#10378)
* bots model, store and api (#9903)
* bots model, store and api
Fixes: MM-13100, MM-13101, MM-13103, MM-13105, MMM-13119
* uncomment tests incorrectly commented, and fix merge issues
* add etags support
* add missing licenses
* remove unused sqlbuilder.go (for now...)
* rejig permissions
* split out READ_BOTS into READ_BOTS and READ_OTHERS_BOTS, the latter
implicitly allowing the former
* make MANAGE_OTHERS_BOTS imply MANAGE_BOTS
* conform to general rest api pattern
* eliminate redundant http.StatusOK
* Update api4/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* s/model.UserFromBotModel/model.UserFromBot/g
* Update model/bot.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* Update model/client4.go
Co-Authored-By: lieut-data <jesse.hallam@gmail.com>
* move sessionHasPermissionToManageBot to app/authorization.go
* use api.ApiSessionRequired for createBot
* introduce BOT_DESCRIPTION_MAX_RUNES constant
* MM-13512 Prevent getting a user by email based on privacy settings (#10021)
* MM-13512 Prevent getting a user by email based on privacy settings
* Add additional config settings to tests
* upgrade db to 5.7 (#10019)
* MM-13526 Add validation when setting a user's Locale field (#10022)
* Fix typos (#10024)
* Fixing first user being created with system admin privilages without being explicity specified. (#10014)
* Revert "Support for Embeded chat (#9129)" (#10017)
This reverts commit 3fcecd521a5c6ccfdb52fb4c3fb1f8c6ea528a4e.
* s/DisableBot/UpdateBotActive
* add permissions on upgrade
* Update NOTICE.txt (#10054)
- add new dependency (text)
- handle switch to forked dependency (go-gomail -> go-mail)
- misc copyright owner updates
* avoid leaking bot knowledge without permission
* [GH-6798] added a new api endpoint to get the bulk reactions for posts (#10049)
* 6798 added a new api to get the bulk reactions for posts
* 6798 added the permsission check before getting the reactions
* GH-6798 added a new app function for the new endpoint
* 6798 added a store method to get reactions for multiple posts
* 6798 connected the app function with the new store function
* 6798 fixed the review comments
* MM-13559 Update model.post.is_valid.file_ids.app_error text per report (#10055)
Ticket: https://mattermost.atlassian.net/browse/MM-13559
Report: https://github.com/mattermost/mattermost-server/issues/10023
* Trigger Login Hooks with OAuth (#10061)
* make BotStore.GetAll deterministic even on duplicate CreateAt
* fix spurious TestMuteCommandSpecificChannel test failure
See
https://community-daily.mattermost.com/core/pl/px9p8s3dzbg1pf3ddrm5cr36uw
* fix race in TestExportUserChannels
* TestExportUserChannels: remove SaveMember call, as it is redundant and used to be silently failing anyway
* MM-13117: bot tokens (#10111)
* eliminate redundant Client/AdminClient declarations
* harden TestUpdateChannelScheme to API failures
* eliminate unnecessary config restoration
* minor cleanup
* make TestGenerateMfaSecret config dependency explicit
* TestCreateUserAccessToken for bots
* TestGetUserAccessToken* for bots
* leverage SessionHasPermissionToUserOrBot for user token APIs
* Test(Revoke|Disable|Enable)UserAccessToken
* make EnableUserAccessTokens explicit, so as to not rely on local config.json
* uncomment TestResetPassword, but still skip
* mark assert(Invalid)Token as helper
* fix whitespace issues
* fix mangled comments
* MM-13116: bot plugin api (#10113)
* MM-13117: expose bot API to plugins
This also changes the `CreatorId` column definition to allow for plugin
ids, as the default unless the plugin overrides is to use the plugin id
here. This branch hasn't hit master yet, so no migration needed.
* gofmt issues
* expunge use of BotList in plugin/client API
* introduce model.BotGetOptions
* use botUserId term for clarity
* MM-13129 Adding functionality to deal with orphaned bots (#10238)
* Add way to list orphaned bots.
* Add /assign route to modify ownership of bot accounts.
* Apply suggestions from code review
Co-Authored-By: crspeller <crspeller@gmail.com>
* MM-13120: add IsBot field to returned user objects (#10103)
* MM-13104: forbid bot login (#10251)
* MM-13104: disallow bot login
* fix shadowing
* MM-13136 Disable user bots when user is disabled. (#10293)
* Disable user bots when user is disabled.
* Grammer.
Co-Authored-By: crspeller <crspeller@gmail.com>
* Fixing bot branch for test changes.
* Don't use external dependancies in bot plugin tests.
* Rename bot CreatorId to OwnerId
* Adding ability to re-enable bots
* Fixing IsBot to not attempt to be saved to DB.
* Adding diagnostics and licencing counting for bot accounts.
* Modifying gorp to allow reading of '-' fields.
* Removing unnessisary nil values from UserCountOptions.
* Changing comment to GoDoc format
* Improving user count SQL
* Some improvments from feedback.
* Omit empty on User.IsBot
2019-03-05 10:06:45 -05:00
} )
} )
2017-10-19 08:10:29 -04:00
}
2017-07-31 12:59:32 -04:00
func TestUserAccessTokenInactiveUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
testDescription := "test token"
2017-10-18 18:36:43 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-07-31 12:59:32 -04:00
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , testDescription )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-07-31 12:59:32 -04:00
2019-01-24 15:19:32 -05:00
th . Client . AuthToken = token . Token
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . GetMe ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-07-31 12:59:32 -04:00
2024-11-20 11:28:39 -05:00
_ , appErr = th . App . UpdateActive ( th . Context , th . BasicUser , false )
require . Nil ( t , appErr )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetMe ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-07-31 12:59:32 -04:00
CheckUnauthorizedStatus ( t , resp )
}
func TestUserAccessTokenDisableConfig ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2017-07-31 12:59:32 -04:00
testDescription := "test token"
2017-10-18 18:36:43 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = true } )
2017-07-31 12:59:32 -04:00
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , th . BasicUser . Id , model . SystemUserRoleId + " " + model . SystemUserAccessTokenRoleId , false )
require . Nil ( t , appErr )
2023-06-06 17:29:29 -04:00
token , _ , err := th . Client . CreateUserAccessToken ( context . Background ( ) , th . BasicUser . Id , testDescription )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-07-31 12:59:32 -04:00
2019-01-24 15:19:32 -05:00
oldSessionToken := th . Client . AuthToken
th . Client . AuthToken = token . Token
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . GetMe ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-07-31 12:59:32 -04:00
2017-10-18 18:36:43 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableUserAccessTokens = false } )
2017-07-31 12:59:32 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetMe ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2017-07-31 12:59:32 -04:00
CheckUnauthorizedStatus ( t , resp )
2019-01-24 15:19:32 -05:00
th . Client . AuthToken = oldSessionToken
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . GetMe ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-06-13 14:54:09 -04:00
}
func TestUserAccessTokenDisableConfigBotsExcluded ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2019-06-13 14:54:09 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . EnableBotAccountCreation = true
* cfg . ServiceSettings . EnableUserAccessTokens = false
} )
2023-06-06 17:29:29 -04:00
bot , resp , err := th . SystemAdminClient . CreateBot ( context . Background ( ) , & model . Bot {
2019-06-13 14:54:09 -04:00
Username : GenerateTestUsername ( ) ,
DisplayName : "a bot" ,
Description : "bot" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-06-13 14:54:09 -04:00
CheckCreatedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
rtoken , _ , err := th . SystemAdminClient . CreateUserAccessToken ( context . Background ( ) , bot . UserId , "test token" )
2019-06-13 14:54:09 -04:00
th . Client . AuthToken = rtoken . Token
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-06-13 14:54:09 -04:00
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . GetMe ( context . Background ( ) , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2017-07-31 12:59:32 -04:00
}
2018-03-09 07:48:30 -05:00
func TestGetUsersByStatus ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-02-10 13:31:41 -05:00
th := Setup ( t )
2018-03-09 07:48:30 -05:00
2021-08-13 07:12:16 -04:00
team , appErr := th . App . CreateTeam ( th . Context , & model . Team {
2018-03-09 07:48:30 -05:00
DisplayName : "dn_" + model . NewId ( ) ,
Name : GenerateTestTeamName ( ) ,
Email : th . GenerateTestEmail ( ) ,
2021-07-12 14:05:36 -04:00
Type : model . TeamOpen ,
2018-03-09 07:48:30 -05:00
} )
2019-11-15 09:13:32 -05:00
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr , "failed to create team" )
2018-03-09 07:48:30 -05:00
2021-08-13 07:12:16 -04:00
channel , appErr := th . App . CreateChannel ( th . Context , & model . Channel {
2018-03-09 07:48:30 -05:00
DisplayName : "dn_" + model . NewId ( ) ,
Name : "name_" + model . NewId ( ) ,
2021-07-12 14:05:36 -04:00
Type : model . ChannelTypeOpen ,
2018-03-09 07:48:30 -05:00
TeamId : team . Id ,
CreatorId : model . NewId ( ) ,
} , false )
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr , "failed to create channel" )
2018-03-09 07:48:30 -05:00
2026-04-08 15:49:43 -04:00
userPassword := model . NewTestPassword ( )
2018-03-09 07:48:30 -05:00
createUserWithStatus := func ( username string , status string ) * model . User {
id := model . NewId ( )
2021-05-11 06:00:44 -04:00
user , err := th . App . CreateUser ( th . Context , & model . User {
2018-03-09 07:48:30 -05:00
Email : "success+" + id + "@simulator.amazonses.com" ,
Username : "un_" + username + "_" + id ,
Nickname : "nn_" + id ,
2026-04-08 15:49:43 -04:00
Password : userPassword ,
2018-03-09 07:48:30 -05:00
} )
2019-11-15 09:13:32 -05:00
require . Nil ( t , err , "failed to create user" )
2018-03-09 07:48:30 -05:00
2025-11-12 07:00:51 -05:00
th . LinkUserToTeam ( t , user , team )
th . AddUserToChannel ( t , user , channel )
2018-03-09 07:48:30 -05:00
2022-10-06 04:04:21 -04:00
th . App . Srv ( ) . Platform ( ) . SaveAndBroadcastStatus ( & model . Status {
2018-03-09 07:48:30 -05:00
UserId : user . Id ,
Status : status ,
Manual : true ,
} )
return user
}
// Creating these out of order in case that affects results
2021-07-12 14:05:36 -04:00
offlineUser1 := createUserWithStatus ( "offline1" , model . StatusOffline )
offlineUser2 := createUserWithStatus ( "offline2" , model . StatusOffline )
awayUser1 := createUserWithStatus ( "away1" , model . StatusAway )
awayUser2 := createUserWithStatus ( "away2" , model . StatusAway )
onlineUser1 := createUserWithStatus ( "online1" , model . StatusOnline )
onlineUser2 := createUserWithStatus ( "online2" , model . StatusOnline )
dndUser1 := createUserWithStatus ( "dnd1" , model . StatusDnd )
dndUser2 := createUserWithStatus ( "dnd2" , model . StatusDnd )
2018-03-09 07:48:30 -05:00
client := th . CreateClient ( )
2026-04-08 15:49:43 -04:00
_ , _ , err := client . Login ( context . Background ( ) , onlineUser2 . Username , userPassword )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-03-09 07:48:30 -05:00
t . Run ( "sorting by status then alphabetical" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
usersByStatus , _ , err := client . GetUsersInChannelByStatus ( context . Background ( ) , channel . Id , 0 , 8 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-03-09 07:48:30 -05:00
expectedUsersByStatus := [ ] * model . User {
onlineUser1 ,
onlineUser2 ,
awayUser1 ,
awayUser2 ,
dndUser1 ,
dndUser2 ,
offlineUser1 ,
offlineUser2 ,
}
2019-11-15 09:13:32 -05:00
require . Equal ( t , len ( expectedUsersByStatus ) , len ( usersByStatus ) )
2018-03-09 07:48:30 -05:00
for i := range usersByStatus {
2019-11-15 09:13:32 -05:00
require . Equal ( t , expectedUsersByStatus [ i ] . Id , usersByStatus [ i ] . Id )
2018-03-09 07:48:30 -05:00
}
} )
t . Run ( "paging" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
usersByStatus , _ , err := client . GetUsersInChannelByStatus ( context . Background ( ) , channel . Id , 0 , 3 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-11-15 09:13:32 -05:00
require . Len ( t , usersByStatus , 3 )
require . Equal ( t , onlineUser1 . Id , usersByStatus [ 0 ] . Id , "online users first" )
require . Equal ( t , onlineUser2 . Id , usersByStatus [ 1 ] . Id , "online users first" )
require . Equal ( t , awayUser1 . Id , usersByStatus [ 2 ] . Id , "expected to receive away users second" )
2018-03-09 07:48:30 -05:00
2023-06-06 17:29:29 -04:00
usersByStatus , _ , err = client . GetUsersInChannelByStatus ( context . Background ( ) , channel . Id , 1 , 3 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-03-09 07:48:30 -05:00
2019-11-15 09:13:32 -05:00
require . Equal ( t , awayUser2 . Id , usersByStatus [ 0 ] . Id , "expected to receive away users second" )
require . Equal ( t , dndUser1 . Id , usersByStatus [ 1 ] . Id , "expected to receive dnd users third" )
require . Equal ( t , dndUser2 . Id , usersByStatus [ 2 ] . Id , "expected to receive dnd users third" )
2018-03-09 07:48:30 -05:00
2023-06-06 17:29:29 -04:00
usersByStatus , _ , err = client . GetUsersInChannelByStatus ( context . Background ( ) , channel . Id , 1 , 4 , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-03-09 07:48:30 -05:00
2019-11-15 09:13:32 -05:00
require . Len ( t , usersByStatus , 4 )
require . Equal ( t , dndUser1 . Id , usersByStatus [ 0 ] . Id , "expected to receive dnd users third" )
require . Equal ( t , dndUser2 . Id , usersByStatus [ 1 ] . Id , "expected to receive dnd users third" )
2018-03-09 07:48:30 -05:00
2019-11-15 09:13:32 -05:00
require . Equal ( t , offlineUser1 . Id , usersByStatus [ 2 ] . Id , "expected to receive offline users last" )
require . Equal ( t , offlineUser2 . Id , usersByStatus [ 3 ] . Id , "expected to receive offline users last" )
2018-03-09 07:48:30 -05:00
} )
}
2018-09-26 16:49:22 -04:00
2018-10-09 20:55:47 -04:00
func TestRegisterTermsOfServiceAction ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2018-09-26 16:49:22 -04:00
2023-06-06 17:29:29 -04:00
_ , err := th . Client . RegisterTermsOfServiceAction ( context . Background ( ) , th . BasicUser . Id , "st_1" , true )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "app.terms_of_service.get.no_rows.app_error" )
2018-09-26 16:49:22 -04:00
2021-08-13 07:12:16 -04:00
termsOfService , appErr := th . App . CreateTermsOfService ( "terms of service" , th . BasicUser . Id )
require . Nil ( t , appErr )
2018-09-26 16:49:22 -04:00
2023-06-06 17:29:29 -04:00
_ , err = th . Client . RegisterTermsOfServiceAction ( context . Background ( ) , th . BasicUser . Id , termsOfService . Id , true )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-09-26 16:49:22 -04:00
2021-08-13 07:12:16 -04:00
_ , appErr = th . App . GetUser ( th . BasicUser . Id )
require . Nil ( t , appErr )
2018-11-08 15:48:14 -05:00
}
func TestGetUserTermsOfService ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2018-11-08 15:48:14 -05:00
2023-06-06 17:29:29 -04:00
_ , _ , err := th . Client . GetUserTermsOfService ( context . Background ( ) , th . BasicUser . Id , "" )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "app.user_terms_of_service.get_by_user.no_rows.app_error" )
2018-11-08 15:48:14 -05:00
2021-08-13 07:12:16 -04:00
termsOfService , appErr := th . App . CreateTermsOfService ( "terms of service" , th . BasicUser . Id )
require . Nil ( t , appErr )
2018-11-08 15:48:14 -05:00
2023-06-06 17:29:29 -04:00
_ , err = th . Client . RegisterTermsOfServiceAction ( context . Background ( ) , th . BasicUser . Id , termsOfService . Id , true )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-11-08 15:48:14 -05:00
2023-06-06 17:29:29 -04:00
userTermsOfService , _ , err := th . Client . GetUserTermsOfService ( context . Background ( ) , th . BasicUser . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2018-09-26 16:49:22 -04:00
2018-11-08 15:48:14 -05:00
assert . Equal ( t , th . BasicUser . Id , userTermsOfService . UserId )
assert . Equal ( t , termsOfService . Id , userTermsOfService . TermsOfServiceId )
assert . NotEmpty ( t , userTermsOfService . CreateAt )
2018-09-26 16:49:22 -04:00
}
2019-02-12 10:56:41 -05:00
2019-06-10 17:25:25 -04:00
func TestLoginErrorMessage ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-06-10 17:25:25 -04:00
2023-06-06 17:29:29 -04:00
_ , err := th . Client . Logout ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-06-10 17:25:25 -04:00
2026-04-08 15:49:43 -04:00
wrongPassword := model . NewTestPassword ( )
2019-06-10 17:25:25 -04:00
// Email and Username enabled
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . EmailSettings . EnableSignInWithEmail = true
* cfg . EmailSettings . EnableSignInWithUsername = true
} )
2026-04-08 15:49:43 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , wrongPassword )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.login.invalid_credentials_email_username" )
2019-06-10 17:25:25 -04:00
// Email enabled
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . EmailSettings . EnableSignInWithEmail = true
* cfg . EmailSettings . EnableSignInWithUsername = false
} )
2026-04-08 15:49:43 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , wrongPassword )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.login.invalid_credentials_email" )
2019-06-10 17:25:25 -04:00
// Username enabled
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . EmailSettings . EnableSignInWithEmail = false
* cfg . EmailSettings . EnableSignInWithUsername = true
} )
2026-04-08 15:49:43 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , wrongPassword )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.login.invalid_credentials_username" )
2019-06-10 17:25:25 -04:00
// SAML/SSO enabled
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . SamlSettings . Enable = true
* cfg . SamlSettings . Verify = false
* cfg . SamlSettings . Encrypt = false
2021-08-16 13:46:44 -04:00
* cfg . SamlSettings . IdpURL = "https://localhost/adfs/ls"
* cfg . SamlSettings . IdpDescriptorURL = "https://localhost/adfs/services/trust"
* cfg . SamlSettings . IdpMetadataURL = "https://localhost/adfs/metadata"
2020-06-22 11:36:08 -04:00
* cfg . SamlSettings . ServiceProviderIdentifier = "https://localhost/login/sso/saml"
2019-06-10 17:25:25 -04:00
* cfg . SamlSettings . AssertionConsumerServiceURL = "https://localhost/login/sso/saml"
* cfg . SamlSettings . IdpCertificateFile = app . SamlIdpCertificateName
* cfg . SamlSettings . PrivateKeyFile = app . SamlPrivateKeyName
* cfg . SamlSettings . PublicCertificateFile = app . SamlPublicCertificateName
* cfg . SamlSettings . EmailAttribute = "Email"
* cfg . SamlSettings . UsernameAttribute = "Username"
* cfg . SamlSettings . FirstNameAttribute = "FirstName"
* cfg . SamlSettings . LastNameAttribute = "LastName"
* cfg . SamlSettings . NicknameAttribute = ""
* cfg . SamlSettings . PositionAttribute = ""
* cfg . SamlSettings . LocaleAttribute = ""
} )
2026-04-08 15:49:43 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , wrongPassword )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.login.invalid_credentials_sso" )
2019-06-10 17:25:25 -04:00
}
2019-02-12 10:56:41 -05:00
func TestLoginLockout ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2019-02-12 10:56:41 -05:00
2023-06-06 17:29:29 -04:00
_ , err := th . Client . Logout ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2019-02-12 10:56:41 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . MaximumLoginAttempts = 3 } )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableMultifactorAuthentication = true } )
2026-04-08 15:49:43 -04:00
wrongPassword := model . NewTestPassword ( )
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , wrongPassword )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.login.invalid_credentials_email_username" )
2026-04-08 15:49:43 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , wrongPassword )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.login.invalid_credentials_email_username" )
2026-04-08 15:49:43 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , wrongPassword )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.login.invalid_credentials_email_username" )
2026-04-08 15:49:43 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , wrongPassword )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.check_user_login_attempts.too_many.app_error" )
2026-04-08 15:49:43 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , wrongPassword )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.check_user_login_attempts.too_many.app_error" )
2019-05-28 14:26:02 -04:00
2025-01-27 13:03:16 -05:00
// Check if lock is active
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.check_user_login_attempts.too_many.app_error" )
2019-02-12 10:56:41 -05:00
// Fake user has MFA enabled
2022-10-06 04:04:21 -04:00
err = th . Server . Store ( ) . User ( ) . UpdateMfaActive ( th . BasicUser2 . Id , true )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . LoginWithMFA ( context . Background ( ) , th . BasicUser2 . Email , th . BasicUser2 . Password , "000000" )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.check_user_mfa.bad_code.app_error" )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . LoginWithMFA ( context . Background ( ) , th . BasicUser2 . Email , th . BasicUser2 . Password , "000000" )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.check_user_mfa.bad_code.app_error" )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . LoginWithMFA ( context . Background ( ) , th . BasicUser2 . Email , th . BasicUser2 . Password , "000000" )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.check_user_mfa.bad_code.app_error" )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . LoginWithMFA ( context . Background ( ) , th . BasicUser2 . Email , th . BasicUser2 . Password , "000000" )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.check_user_login_attempts.too_many.app_error" )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . LoginWithMFA ( context . Background ( ) , th . BasicUser2 . Email , th . BasicUser2 . Password , "000000" )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.check_user_login_attempts.too_many.app_error" )
2019-05-28 14:26:02 -04:00
// Fake user has MFA disabled
2022-10-06 04:04:21 -04:00
err = th . Server . Store ( ) . User ( ) . UpdateMfaActive ( th . BasicUser2 . Id , false )
2021-02-17 03:52:18 -05:00
require . NoError ( t , err )
2019-05-28 14:26:02 -04:00
2025-01-27 13:03:16 -05:00
// Check if lock is active
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . Login ( context . Background ( ) , th . BasicUser2 . Email , th . BasicUser2 . Password )
2021-08-13 07:12:16 -04:00
CheckErrorID ( t , err , "api.user.check_user_login_attempts.too_many.app_error" )
2019-02-12 10:56:41 -05:00
}
2020-01-23 13:30:13 -05:00
func TestDemoteUserToGuest ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-01-23 13:30:13 -05:00
2021-03-15 13:20:58 -04:00
enableGuestAccounts := * th . App . Config ( ) . GuestAccountsSettings . Enable
defer func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GuestAccountsSettings . Enable = enableGuestAccounts } )
2024-11-20 11:28:39 -05:00
appErr := th . App . Srv ( ) . RemoveLicense ( )
require . Nil ( t , appErr )
2021-03-15 13:20:58 -04:00
} ( )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GuestAccountsSettings . Enable = true } )
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( ) )
user := th . BasicUser
2022-10-07 09:57:44 -04:00
user2 := th . BasicUser2
t . Run ( "Guest Account not available in license returns forbidden" , func ( t * testing . T ) {
th . App . Srv ( ) . SetLicense ( model . NewTestLicenseWithFalseDefaults ( "guest_accounts" ) )
2023-06-06 17:29:29 -04:00
res , err := th . SystemAdminClient . DoAPIPost ( context . Background ( ) , "/users/" + user2 . Id + "/demote" , "" )
2022-10-07 09:57:44 -04:00
require . Equal ( t , http . StatusForbidden , res . StatusCode )
require . True ( t , strings . Contains ( err . Error ( ) , "Guest accounts are disabled" ) )
require . Error ( t , err )
} )
t . Run ( "Guest Account available in license returns OK" , func ( t * testing . T ) {
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( "guest_accounts" ) )
2023-06-06 17:29:29 -04:00
res , err := th . SystemAdminClient . DoAPIPost ( context . Background ( ) , "/users/" + user2 . Id + "/demote" , "" )
2022-10-07 09:57:44 -04:00
require . Equal ( t , http . StatusOK , res . StatusCode )
require . NoError ( t , err )
} )
2020-01-23 13:30:13 -05:00
2021-03-15 13:20:58 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , c * model . Client4 ) {
2023-06-06 17:29:29 -04:00
_ , _ , err := c . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-03-15 13:20:58 -04:00
2023-06-06 17:29:29 -04:00
_ , err = c . DemoteUserToGuest ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-03-15 13:20:58 -04:00
2021-05-11 06:00:44 -04:00
defer require . Nil ( t , th . App . PromoteGuestToUser ( th . Context , user , "" ) )
2021-03-15 13:20:58 -04:00
} , "demote a user to guest" )
t . Run ( "websocket update user event" , func ( t * testing . T ) {
2025-01-29 08:58:43 -05:00
webSocketClient := th . CreateConnectedWebSocketClient ( t )
2020-01-23 13:30:13 -05:00
resp := <- webSocketClient . ResponseChannel
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . StatusOk , resp . Status )
2020-01-23 13:30:13 -05:00
2025-01-29 08:58:43 -05:00
adminWebSocketClient := th . CreateConnectedWebSocketClientWithClient ( t , th . SystemAdminClient )
2020-01-23 13:30:13 -05:00
2025-01-29 08:58:43 -05:00
_ , _ , err := th . SystemAdminClient . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , err = th . SystemAdminClient . DemoteUserToGuest ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2024-11-20 11:28:39 -05:00
defer func ( ) {
_ , err = th . SystemAdminClient . PromoteGuestToUser ( context . Background ( ) , user . Id )
require . NoError ( t , err )
} ( )
2020-01-23 13:30:13 -05:00
2021-07-12 14:05:36 -04:00
assertExpectedWebsocketEvent ( t , webSocketClient , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
2020-01-23 13:30:13 -05:00
eventUser , ok := event . GetData ( ) [ "user" ] . ( * model . User )
require . True ( t , ok , "expected user" )
assert . Equal ( t , "system_guest" , eventUser . Roles )
} )
2021-07-12 14:05:36 -04:00
assertExpectedWebsocketEvent ( t , adminWebSocketClient , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
2020-01-23 13:30:13 -05:00
eventUser , ok := event . GetData ( ) [ "user" ] . ( * model . User )
require . True ( t , ok , "expected user" )
assert . Equal ( t , "system_guest" , eventUser . Roles )
} )
} )
}
func TestPromoteGuestToUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-01-23 13:30:13 -05:00
2021-03-15 13:20:58 -04:00
enableGuestAccounts := * th . App . Config ( ) . GuestAccountsSettings . Enable
defer func ( ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GuestAccountsSettings . Enable = enableGuestAccounts } )
2024-11-20 11:28:39 -05:00
appErr := th . App . Srv ( ) . RemoveLicense ( )
require . Nil ( t , appErr )
2021-03-15 13:20:58 -04:00
} ( )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . GuestAccountsSettings . Enable = true } )
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( ) )
2025-03-19 17:27:33 -04:00
user := th . CreateGuestUser ( t )
2020-01-23 13:30:13 -05:00
2021-03-15 13:20:58 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , c * model . Client4 ) {
2023-06-06 17:29:29 -04:00
_ , _ , err := c . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-03-15 13:20:58 -04:00
2023-06-06 17:29:29 -04:00
_ , err = c . PromoteGuestToUser ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-03-15 13:20:58 -04:00
2022-07-14 05:01:29 -04:00
defer require . Nil ( t , th . App . DemoteUserToGuest ( th . Context , user ) )
2022-02-28 04:31:00 -05:00
} , "promote a guest to user" )
2021-03-15 13:20:58 -04:00
t . Run ( "websocket update user event" , func ( t * testing . T ) {
2025-01-29 08:58:43 -05:00
webSocketClient := th . CreateConnectedWebSocketClient ( t )
2020-01-23 13:30:13 -05:00
resp := <- webSocketClient . ResponseChannel
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . StatusOk , resp . Status )
2020-01-23 13:30:13 -05:00
2025-01-29 08:58:43 -05:00
adminWebSocketClient := th . CreateConnectedWebSocketClientWithClient ( t , th . SystemAdminClient )
2020-01-23 13:30:13 -05:00
2025-01-29 08:58:43 -05:00
_ , _ , err := th . SystemAdminClient . GetUser ( context . Background ( ) , user . Id , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , err = th . SystemAdminClient . PromoteGuestToUser ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2024-11-20 11:28:39 -05:00
defer func ( ) {
_ , err = th . SystemAdminClient . DemoteUserToGuest ( context . Background ( ) , user . Id )
require . NoError ( t , err )
} ( )
2020-01-23 13:30:13 -05:00
2021-07-12 14:05:36 -04:00
assertExpectedWebsocketEvent ( t , webSocketClient , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
2020-01-23 13:30:13 -05:00
eventUser , ok := event . GetData ( ) [ "user" ] . ( * model . User )
require . True ( t , ok , "expected user" )
assert . Equal ( t , "system_user" , eventUser . Roles )
} )
2021-07-12 14:05:36 -04:00
assertExpectedWebsocketEvent ( t , adminWebSocketClient , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
2020-01-23 13:30:13 -05:00
eventUser , ok := event . GetData ( ) [ "user" ] . ( * model . User )
require . True ( t , ok , "expected user" )
assert . Equal ( t , "system_user" , eventUser . Roles )
} )
} )
}
2020-04-28 06:52:43 -04:00
2020-06-26 09:08:01 -04:00
func TestVerifyUserEmailWithoutToken ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-07-22 04:20:33 -04:00
th := Setup ( t )
2020-06-26 09:08:01 -04:00
2020-07-22 12:27:44 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2020-06-26 09:08:01 -04:00
email := th . GenerateTestEmail ( )
2026-04-08 15:49:43 -04:00
user := model . User { Email : email , Nickname : "Darth Vader" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemUserRoleId }
ruser , _ , err := th . Client . CreateUser ( context . Background ( ) , & user )
require . NoError ( t , err )
2020-06-26 09:08:01 -04:00
2023-06-06 17:29:29 -04:00
vuser , _ , err := client . VerifyUserEmailWithoutToken ( context . Background ( ) , ruser . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-26 09:08:01 -04:00
require . Equal ( t , ruser . Id , vuser . Id )
2020-07-22 12:27:44 -04:00
} , "Should verify a new user" )
2020-06-26 09:08:01 -04:00
2025-10-07 15:46:01 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
// Enable MFA for this test
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( "mfa" ) )
th . App . UpdateConfig ( func ( cfg * model . Config ) { * cfg . ServiceSettings . EnableMultifactorAuthentication = true } )
email := th . GenerateTestEmail ( )
2026-04-08 15:49:43 -04:00
user := model . User { Email : email , Nickname : "Test User" , Password : model . NewTestPassword ( ) , Username : GenerateTestUsername ( ) , Roles : model . SystemUserRoleId }
ruser , _ , err := th . Client . CreateUser ( context . Background ( ) , & user )
require . NoError ( t , err )
2025-10-07 15:46:01 -04:00
// Set some NotifyProps to ensure we have data to verify is preserved
ruser . NotifyProps = map [ string ] string {
"email" : "true" ,
"push" : "mention" ,
"desktop" : "mention" ,
"channel" : "true" ,
}
_ , appErr := th . App . UpdateUser ( th . Context , ruser , false )
require . Nil ( t , appErr )
// Set up MFA secret for the user
secret , appErr := th . App . GenerateMfaSecret ( ruser . Id )
require . Nil ( t , appErr )
2026-04-08 15:49:43 -04:00
err = th . Server . Store ( ) . User ( ) . UpdateMfaSecret ( ruser . Id , secret . Secret )
2025-10-07 15:46:01 -04:00
require . NoError ( t , err )
// Verify the user has a password hash and MFA secret in the database
dbUser , appErr := th . App . GetUser ( ruser . Id )
require . Nil ( t , appErr )
require . NotEmpty ( t , dbUser . Password , "User should have a password hash in database" )
require . NotEmpty ( t , dbUser . MfaSecret , "User should have MFA secret in database" )
// Call the API endpoint
vuser , _ , err := client . VerifyUserEmailWithoutToken ( context . Background ( ) , ruser . Id )
require . NoError ( t , err )
require . Equal ( t , ruser . Id , vuser . Id )
// Verify sensitive fields are sanitized in the response
require . Empty ( t , vuser . Password , "Password hash should be sanitized from response" )
require . Empty ( t , vuser . MfaSecret , "MFA secret should be sanitized from response" )
// Verify admin-level fields like NotifyProps are preserved for system admin
require . NotEmpty ( t , vuser . NotifyProps , "NotifyProps should be preserved for system admin" )
require . Equal ( t , "true" , vuser . NotifyProps [ "email" ] , "NotifyProps data should be preserved for system admin" )
} , "Should sanitize password hash and MFA secret from response" )
2020-07-22 12:27:44 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
vuser , _ , err := client . VerifyUserEmailWithoutToken ( context . Background ( ) , "randomId" )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
CheckErrorID ( t , err , "api.context.invalid_url_param.app_error" )
2020-06-26 09:08:01 -04:00
require . Nil ( t , vuser )
2020-07-22 12:27:44 -04:00
} , "Should not be able to find user" )
2020-06-26 09:08:01 -04:00
t . Run ( "Should not be able to verify user due to permissions" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2023-06-06 17:29:29 -04:00
vuser , _ , err := th . Client . VerifyUserEmailWithoutToken ( context . Background ( ) , user . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
CheckErrorID ( t , err , "api.context.permissions.app_error" )
2020-06-26 09:08:01 -04:00
require . Nil ( t , vuser )
} )
}
2020-04-28 06:52:43 -04:00
func TestGetKnownUsers ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-04-28 06:52:43 -04:00
th := Setup ( t )
2021-05-11 06:00:44 -04:00
t1 , err := th . App . CreateTeam ( th . Context , & model . Team {
2020-04-28 06:52:43 -04:00
DisplayName : "dn_" + model . NewId ( ) ,
Name : GenerateTestTeamName ( ) ,
Email : th . GenerateTestEmail ( ) ,
2021-07-12 14:05:36 -04:00
Type : model . TeamOpen ,
2020-04-28 06:52:43 -04:00
} )
require . Nil ( t , err , "failed to create team" )
2021-05-11 06:00:44 -04:00
t2 , err := th . App . CreateTeam ( th . Context , & model . Team {
2020-04-28 06:52:43 -04:00
DisplayName : "dn_" + model . NewId ( ) ,
Name : GenerateTestTeamName ( ) ,
Email : th . GenerateTestEmail ( ) ,
2021-07-12 14:05:36 -04:00
Type : model . TeamOpen ,
2020-04-28 06:52:43 -04:00
} )
require . Nil ( t , err , "failed to create team" )
2021-05-11 06:00:44 -04:00
t3 , err := th . App . CreateTeam ( th . Context , & model . Team {
2020-04-28 06:52:43 -04:00
DisplayName : "dn_" + model . NewId ( ) ,
Name : GenerateTestTeamName ( ) ,
Email : th . GenerateTestEmail ( ) ,
2021-07-12 14:05:36 -04:00
Type : model . TeamOpen ,
2020-04-28 06:52:43 -04:00
} )
require . Nil ( t , err , "failed to create team" )
2021-05-11 06:00:44 -04:00
c1 , err := th . App . CreateChannel ( th . Context , & model . Channel {
2020-04-28 06:52:43 -04:00
DisplayName : "dn_" + model . NewId ( ) ,
Name : "name_" + model . NewId ( ) ,
2021-07-12 14:05:36 -04:00
Type : model . ChannelTypeOpen ,
2020-04-28 06:52:43 -04:00
TeamId : t1 . Id ,
CreatorId : model . NewId ( ) ,
} , false )
require . Nil ( t , err , "failed to create channel" )
2021-05-11 06:00:44 -04:00
c2 , err := th . App . CreateChannel ( th . Context , & model . Channel {
2020-04-28 06:52:43 -04:00
DisplayName : "dn_" + model . NewId ( ) ,
Name : "name_" + model . NewId ( ) ,
2021-07-12 14:05:36 -04:00
Type : model . ChannelTypeOpen ,
2020-04-28 06:52:43 -04:00
TeamId : t2 . Id ,
CreatorId : model . NewId ( ) ,
} , false )
require . Nil ( t , err , "failed to create channel" )
2021-05-11 06:00:44 -04:00
c3 , err := th . App . CreateChannel ( th . Context , & model . Channel {
2020-04-28 06:52:43 -04:00
DisplayName : "dn_" + model . NewId ( ) ,
Name : "name_" + model . NewId ( ) ,
2021-07-12 14:05:36 -04:00
Type : model . ChannelTypeOpen ,
2020-04-28 06:52:43 -04:00
TeamId : t3 . Id ,
CreatorId : model . NewId ( ) ,
} , false )
require . Nil ( t , err , "failed to create channel" )
2025-11-12 07:00:51 -05:00
u1 := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteUser ( th . Context , u1 )
require . Nil ( t , appErr )
} ( )
2025-11-12 07:00:51 -05:00
u2 := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteUser ( th . Context , u2 )
require . Nil ( t , appErr )
} ( )
2025-11-12 07:00:51 -05:00
u3 := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteUser ( th . Context , u3 )
require . Nil ( t , appErr )
} ( )
2025-11-12 07:00:51 -05:00
u4 := th . CreateUser ( t )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr := th . App . PermanentDeleteUser ( th . Context , u4 )
require . Nil ( t , appErr )
} ( )
2020-04-28 06:52:43 -04:00
2025-11-12 07:00:51 -05:00
th . LinkUserToTeam ( t , u1 , t1 )
th . LinkUserToTeam ( t , u1 , t2 )
th . LinkUserToTeam ( t , u2 , t1 )
th . LinkUserToTeam ( t , u3 , t2 )
th . LinkUserToTeam ( t , u4 , t3 )
2020-04-28 06:52:43 -04:00
2024-11-20 11:28:39 -05:00
_ , appErr := th . App . AddUserToChannel ( th . Context , u1 , c1 , false )
require . Nil ( t , appErr )
_ , appErr = th . App . AddUserToChannel ( th . Context , u1 , c2 , false )
require . Nil ( t , appErr )
_ , appErr = th . App . AddUserToChannel ( th . Context , u2 , c1 , false )
require . Nil ( t , appErr )
_ , appErr = th . App . AddUserToChannel ( th . Context , u3 , c2 , false )
require . Nil ( t , appErr )
_ , appErr = th . App . AddUserToChannel ( th . Context , u4 , c3 , false )
require . Nil ( t , appErr )
2020-04-28 06:52:43 -04:00
t . Run ( "get know users sharing no channels" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , _ , _ = th . Client . Login ( context . Background ( ) , u4 . Email , u4 . Password )
userIds , _ , err := th . Client . GetKnownUsers ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-04-28 06:52:43 -04:00
assert . Empty ( t , userIds )
} )
t . Run ( "get know users sharing one channel" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , _ , _ = th . Client . Login ( context . Background ( ) , u3 . Email , u3 . Password )
userIds , _ , err := th . Client . GetKnownUsers ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-04-28 06:52:43 -04:00
assert . Len ( t , userIds , 1 )
assert . Equal ( t , userIds [ 0 ] , u1 . Id )
} )
t . Run ( "get know users sharing multiple channels" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , _ , _ = th . Client . Login ( context . Background ( ) , u1 . Email , u1 . Password )
userIds , _ , err := th . Client . GetKnownUsers ( context . Background ( ) )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-04-28 06:52:43 -04:00
assert . Len ( t , userIds , 2 )
assert . ElementsMatch ( t , userIds , [ ] string { u2 . Id , u3 . Id } )
} )
}
2020-06-16 05:41:05 -04:00
func TestPublishUserTyping ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-06-16 05:41:05 -04:00
tr := model . TypingRequest {
ChannelId : th . BasicChannel . Id ,
ParentId : "randomparentid" ,
}
t . Run ( "should return ok for non-system admin when triggering typing event for own user" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
_ , err := th . Client . PublishUserTyping ( context . Background ( ) , th . BasicUser . Id , tr )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-16 05:41:05 -04:00
} )
t . Run ( "should return ok for system admin when triggering typing event for own user" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . LinkUserToTeam ( t , th . SystemAdminUser , th . BasicTeam )
th . AddUserToChannel ( t , th . SystemAdminUser , th . BasicChannel )
2020-06-16 05:41:05 -04:00
2023-06-06 17:29:29 -04:00
_ , err := th . SystemAdminClient . PublishUserTyping ( context . Background ( ) , th . SystemAdminUser . Id , tr )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-16 05:41:05 -04:00
} )
t . Run ( "should return forbidden for non-system admin when triggering a typing event for a different user" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
resp , err := th . Client . PublishUserTyping ( context . Background ( ) , th . BasicUser2 . Id , tr )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-06-16 05:41:05 -04:00
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "should return bad request when triggering a typing event for an invalid user id" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
resp , err := th . Client . PublishUserTyping ( context . Background ( ) , "invalid" , tr )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
CheckErrorID ( t , err , "api.context.invalid_url_param.app_error" )
2020-06-16 05:41:05 -04:00
CheckBadRequestStatus ( t , resp )
} )
t . Run ( "should send typing event via websocket when triggering a typing event for a user with a common channel" , func ( t * testing . T ) {
2025-01-29 08:58:43 -05:00
webSocketClient := th . CreateConnectedWebSocketClient ( t )
2020-06-16 05:41:05 -04:00
wsResp := <- webSocketClient . ResponseChannel
2021-07-12 14:05:36 -04:00
require . Equal ( t , model . StatusOk , wsResp . Status )
2020-06-16 05:41:05 -04:00
2025-01-29 08:58:43 -05:00
_ , err := th . SystemAdminClient . PublishUserTyping ( context . Background ( ) , th . BasicUser2 . Id , tr )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-06-16 05:41:05 -04:00
2021-07-12 14:05:36 -04:00
assertExpectedWebsocketEvent ( t , webSocketClient , model . WebsocketEventTyping , func ( resp * model . WebSocketEvent ) {
2020-06-16 05:41:05 -04:00
assert . Equal ( t , th . BasicChannel . Id , resp . GetBroadcast ( ) . ChannelId )
eventUserId , ok := resp . GetData ( ) [ "user_id" ] . ( string )
require . True ( t , ok , "expected user_id" )
assert . Equal ( t , th . BasicUser2 . Id , eventUserId )
eventParentId , ok := resp . GetData ( ) [ "parent_id" ] . ( string )
require . True ( t , ok , "expected parent_id" )
assert . Equal ( t , "randomparentid" , eventParentId )
} )
} )
2022-10-06 04:04:21 -04:00
th . Server . Platform ( ) . Busy . Set ( time . Second * 10 )
2020-06-16 05:41:05 -04:00
t . Run ( "should return service unavailable for non-system admin user when triggering a typing event and server busy" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
resp , err := th . Client . PublishUserTyping ( context . Background ( ) , "invalid" , tr )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
CheckErrorID ( t , err , "api.context.server_busy.app_error" )
2020-06-16 05:41:05 -04:00
CheckServiceUnavailableStatus ( t , resp )
} )
t . Run ( "should return service unavailable for system admin user when triggering a typing event and server busy" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
resp , err := th . SystemAdminClient . PublishUserTyping ( context . Background ( ) , th . SystemAdminUser . Id , tr )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
CheckErrorID ( t , err , "api.context.server_busy.app_error" )
2020-06-16 05:41:05 -04:00
CheckServiceUnavailableStatus ( t , resp )
} )
}
2020-07-17 03:00:43 -04:00
func TestConvertUserToBot ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-07-17 03:00:43 -04:00
2023-06-06 17:29:29 -04:00
bot , resp , err := th . Client . ConvertUserToBot ( context . Background ( ) , th . BasicUser . Id )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-07-17 03:00:43 -04:00
CheckForbiddenStatus ( t , resp )
require . Nil ( t , bot )
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2026-04-08 15:49:43 -04:00
user := model . User { Email : th . GenerateTestEmail ( ) , Username : GenerateTestUsername ( ) , Password : model . NewTestPassword ( ) }
2020-07-17 03:00:43 -04:00
2023-06-06 17:29:29 -04:00
ruser , resp , err := client . CreateUser ( context . Background ( ) , & user )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-17 03:00:43 -04:00
CheckCreatedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
bot , _ , err = client . ConvertUserToBot ( context . Background ( ) , ruser . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-17 03:00:43 -04:00
require . NotNil ( t , bot )
require . Equal ( t , bot . UserId , ruser . Id )
2023-06-06 17:29:29 -04:00
bot , _ , err = client . GetBot ( context . Background ( ) , bot . UserId , "" )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-07-17 03:00:43 -04:00
require . NotNil ( t , bot )
} )
2025-02-20 11:15:44 -05:00
t . Run ( "user cannot login after being converted to bot" , func ( t * testing . T ) {
// Create a new user
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2025-02-20 11:15:44 -05:00
// Login as the new user to verify login works initially
_ , _ , err := th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
// Convert user to bot
_ , _ , err = th . SystemAdminClient . ConvertUserToBot ( context . Background ( ) , user . Id )
require . NoError ( t , err )
// Try to login again - should fail
_ , resp , err := th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . Error ( t , err )
CheckErrorID ( t , err , "api.user.login.bot_login_forbidden.app_error" )
CheckUnauthorizedStatus ( t , resp )
} )
2020-07-17 03:00:43 -04:00
}
2020-08-31 07:56:36 -04:00
2021-10-26 02:00:59 -04:00
func TestGetChannelMembersWithTeamData ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2021-10-26 02:00:59 -04:00
2023-06-06 17:29:29 -04:00
channels , resp , err := th . Client . GetChannelMembersWithTeamData ( context . Background ( ) , th . BasicUser . Id , 0 , 5 )
2021-10-26 02:00:59 -04:00
require . NoError ( t , err )
CheckOKStatus ( t , resp )
assert . Len ( t , channels , 5 )
for _ , ch := range channels {
assert . Equal ( t , th . BasicTeam . DisplayName , ch . TeamDisplayName )
}
2025-05-12 10:35:46 -04:00
channels , resp , err = th . Client . GetChannelMembersWithTeamData ( context . Background ( ) , th . BasicUser . Id , 0 , 5000 )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
assert . Len ( t , channels , 6 )
for _ , ch := range channels {
assert . Equal ( t , th . BasicTeam . DisplayName , ch . TeamDisplayName )
}
// perPage doesn't matter if page=-1
channels , resp , err = th . Client . GetChannelMembersWithTeamData ( context . Background ( ) , th . BasicUser . Id , - 1 , 2 )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
assert . Equal ( t , "application/x-ndjson" , resp . Header . Get ( "Content-Type" ) )
assert . Len ( t , channels , 6 )
for _ , ch := range channels {
assert . Equal ( t , th . BasicTeam . DisplayName , ch . TeamDisplayName )
}
2021-10-26 02:00:59 -04:00
}
2020-08-31 07:56:36 -04:00
func TestMigrateAuthToLDAP ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-08-31 07:56:36 -04:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . MigrateAuthToLdap ( context . Background ( ) , "email" , "a" , false )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
2020-08-31 07:56:36 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
resp , err = client . MigrateAuthToLdap ( context . Background ( ) , "email" , "a" , false )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
CheckNotImplementedStatus ( t , resp )
2020-08-31 07:56:36 -04:00
} )
}
func TestMigrateAuthToSAML ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-08-31 07:56:36 -04:00
2023-06-06 17:29:29 -04:00
resp , err := th . Client . MigrateAuthToSaml ( context . Background ( ) , "email" , map [ string ] string { "1" : "a" } , true )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
2020-08-31 07:56:36 -04:00
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
2023-06-06 17:29:29 -04:00
resp , err = client . MigrateAuthToSaml ( context . Background ( ) , "email" , map [ string ] string { "1" : "a" } , true )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
CheckNotImplementedStatus ( t , resp )
2020-08-31 07:56:36 -04:00
} )
}
2025-01-27 13:03:16 -05:00
2020-10-07 19:41:46 -04:00
func TestUpdatePassword ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2020-10-07 19:41:46 -04:00
th := Setup ( t )
t . Run ( "Forbidden when request performed by system user on a system admin" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
res , err := th . Client . UpdatePassword ( context . Background ( ) , th . SystemAdminUser . Id , th . SystemAdminUser . Password , model . NewTestPassword ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-10-07 19:41:46 -04:00
CheckForbiddenStatus ( t , res )
} )
t . Run ( "OK when request performed by system user with requisite system permission, except if requested user is system admin" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionSysconsoleWriteUserManagementUsers . Id , model . SystemUserRoleId )
defer th . RemovePermissionFromRole ( t , model . PermissionSysconsoleWriteUserManagementUsers . Id , model . SystemUserRoleId )
2020-10-07 19:41:46 -04:00
2026-04-08 15:49:43 -04:00
res , _ := th . Client . UpdatePassword ( context . Background ( ) , th . TeamAdminUser . Id , th . TeamAdminUser . Password , model . NewTestPassword ( ) )
2020-10-07 19:41:46 -04:00
CheckOKStatus ( t , res )
2026-04-08 15:49:43 -04:00
res , err := th . Client . UpdatePassword ( context . Background ( ) , th . SystemAdminUser . Id , th . SystemAdminUser . Password , model . NewTestPassword ( ) )
2021-08-13 07:12:16 -04:00
require . Error ( t , err )
2020-10-07 19:41:46 -04:00
CheckForbiddenStatus ( t , res )
} )
t . Run ( "OK when request performed by system admin, even if requested user is system admin" , func ( t * testing . T ) {
2026-04-08 15:49:43 -04:00
res , _ := th . SystemAdminClient . UpdatePassword ( context . Background ( ) , th . SystemAdminUser . Id , th . SystemAdminUser . Password , model . NewTestPassword ( ) )
2020-10-07 19:41:46 -04:00
CheckOKStatus ( t , res )
} )
}
2020-11-08 03:36:46 -05:00
2023-03-16 12:50:00 -04:00
func TestUpdatePasswordAudit ( t * testing . T ) {
logFile , err := os . CreateTemp ( "" , "adv.log" )
require . NoError ( t , err )
defer os . Remove ( logFile . Name ( ) )
options := [ ] app . Option { app . WithLicense ( model . NewTestLicense ( "advanced_logging" ) ) }
ci: enable fullyparallel mode for server tests (#35816)
* ci: enable fullyparallel mode for server tests
Replace os.Setenv, os.Chdir, and global state mutations with
parallel-safe alternatives (t.Setenv, t.Chdir, test hooks) across
37 files. Refactor GetLogRootPath and MM_INSTALL_TYPE to use
package-level test hooks instead of environment variables.
This enables gotestsum --fullparallel, allowing all test packages
to run with maximum parallelism within each shard.
Co-authored-by: Claude <claude@anthropic.com>
* ci: split fullyparallel from continue-on-error in workflow template
- Add new boolean input 'allow-failure' separate from 'fullyparallel'
- Change continue-on-error to use allow-failure instead of fullyparallel
- Update server-ci.yml to pass allow-failure: true for test coverage job
- Allows independent control of parallel execution and failure tolerance
Co-authored-by: Claude <claude@anthropic.com>
* fix: protect TestOverrideLogRootPath with sync.Mutex for parallel tests
- Replace global var TestOverrideLogRootPath with mutex-protected functions
- Add SetTestOverrideLogRootPath() and getTestOverrideLogRootPath() functions
- Update GetLogRootPath() to use thread-safe getter
- Update all test files to use SetTestOverrideLogRootPath() with t.Cleanup()
- Fixes race condition when running tests with t.Parallel()
Co-authored-by: Claude <claude@anthropic.com>
* fix: configure audit settings before server setup in tests
- Move ExperimentalAuditSettings from UpdateConfig() to config defaults
- Pass audit config via app.Config() option in SetupWithServerOptions()
- Fixes audit test setup ordering to configure BEFORE server initialization
- Resolves CodeRabbit's audit config timing issue in api4 tests
Co-authored-by: Claude <claude@anthropic.com>
* fix: implement SetTestOverrideLogRootPath mutex in logger.go
The previous commit updated test callers to use SetTestOverrideLogRootPath()
but didn't actually create the function in config/logger.go, causing build
failures across all CI shards. This commit:
- Replaces the exported var TestOverrideLogRootPath with mutex-protected
unexported state (testOverrideLogRootPath + testOverrideLogRootMu)
- Adds exported SetTestOverrideLogRootPath() setter
- Adds unexported getTestOverrideLogRootPath() getter
- Updates GetLogRootPath() to use the thread-safe getter
- Fixes log_test.go callers that were missed in the previous commit
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): use SetupConfig for access_control feature flag registration
InitAccessControlPolicy() checks FeatureFlags.AttributeBasedAccessControl
at route registration time during server startup. Setting the flag via
UpdateConfig after Setup() is too late — routes are never registered
and API calls return 404.
Use SetupConfig() to pass the feature flag in the initial config before
server startup, ensuring routes are properly registered.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore BurnOnRead flag state in TestRevealPost subtest
The 'feature not enabled' subtest disables BurnOnRead without restoring
it via t.Cleanup. Subsequent subtests inherit the disabled state, which
can cause 501 errors when they expect the feature to be available.
Add t.Cleanup to restore FeatureFlags.BurnOnRead = true after the
subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* fix(test): restore EnableSharedChannelsMemberSync flag via t.Cleanup
The test disables EnableSharedChannelsMemberSync without restoring it.
If the subtest exits early (e.g., require failure), later sibling
subtests inherit a disabled flag and become flaky.
Add t.Cleanup to restore the flag after the subtest completes.
Co-authored-by: Claude <claude@anthropic.com>
* Fix test parallelism: use instance-scoped overrides and init-time audit config
Replace package-level test globals (TestOverrideInstallType,
SetTestOverrideLogRootPath) with fields on PlatformService so each test
gets its own instance without process-wide mutation. Fix three audit
tests (TestUserLoginAudit, TestLogoutAuditAuthStatus,
TestUpdatePasswordAudit) that configured the audit logger after server
init — the audit logger only reads config at startup, so pass audit
settings via app.Config() at init time instead.
Also revert the Go 1.24.13 downgrade and bump mattermost-govet to
v2.0.2 for Go 1.25.8 compatibility.
* Fix audit unit tests
* Fix MMCLOUDURL unit tests
* Fixed unit tests using MM_NOTIFY_ADMIN_COOL_OFF_DAYS
* Make app migrations idempotent for parallel test safety
Change System().Save() to System().SaveOrUpdate() in all migration
completion markers. When two parallel tests share a database pool entry,
both may race through the check-then-insert migration pattern. Save()
causes a duplicate key fatal crash; SaveOrUpdate() makes the second
write a harmless no-op.
* test: address review feedback on fullyparallel PR
- Use SetLogRootPathOverride() setter instead of direct field access
in platform/support_packet_test.go and platform/log_test.go (pvev)
- Restore TestGetLogRootPath in config/logger_test.go to keep
MM_LOG_PATH env var coverage; test uses t.Setenv so it runs
serially which is fine (pvev)
- Fix misleading comment in config_test.go: code uses t.Setenv,
not os.Setenv (jgheithcock)
Co-authored-by: Claude <claude@anthropic.com>
* fix: add missing os import in post_test.go
The os import was dropped during a merge conflict resolution while
burn-on-read shared channel tests from master still use os.Setenv.
Co-authored-by: Claude <claude@anthropic.com>
---------
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: wiggin77 <wiggin77@warpmail.net>
Co-authored-by: Mattermost Build <build@mattermost.com>
2026-04-08 20:48:36 -04:00
th := SetupWithServerOptionsAndConfig ( t , options , func ( cfg * model . Config ) {
cfg . ExperimentalAuditSettings . FileEnabled = model . NewPointer ( true )
cfg . ExperimentalAuditSettings . FileName = model . NewPointer ( logFile . Name ( ) )
} )
2023-03-16 12:50:00 -04:00
2026-04-08 15:49:43 -04:00
password := model . NewTestPassword ( )
2025-11-12 07:00:51 -05:00
th . LoginBasic ( t )
2023-06-06 17:29:29 -04:00
resp , err := th . Client . UpdatePassword ( context . Background ( ) , th . BasicUser . Id , th . BasicUser . Password , password )
2023-03-16 12:50:00 -04:00
require . NoError ( t , err )
CheckOKStatus ( t , resp )
// Forcing a flush before attempting to read log's content.
err = th . Server . Audit . Flush ( )
require . NoError ( t , err )
require . NoError ( t , logFile . Sync ( ) )
data , err := io . ReadAll ( logFile )
require . NoError ( t , err )
require . NotEmpty ( t , data )
require . Contains ( t , string ( data ) , th . BasicUser . Id )
require . NotContains ( t , string ( data ) , password )
}
2020-11-08 03:36:46 -05:00
func TestGetThreadsForUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-11-08 03:36:46 -05:00
2021-01-31 05:28:14 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . ThreadAutoFollow = true
2021-07-12 14:05:36 -04:00
* cfg . ServiceSettings . CollapsedThreads = model . CollapsedThreadsDefaultOn
2021-01-31 05:28:14 -05:00
} )
2023-05-18 14:14:12 -04:00
th . App . Srv ( ) . SetLicense ( model . NewTestLicenseSKU ( model . LicenseShortSkuProfessional ) )
2020-11-08 03:36:46 -05:00
t . Run ( "empty" , func ( t * testing . T ) {
2021-08-13 07:12:16 -04:00
client := th . Client
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err := client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
} ( )
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
uss , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts { } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss . Threads , 0 )
} )
t . Run ( "no params, 1 thread" , func ( t * testing . T ) {
2021-08-13 07:12:16 -04:00
client := th . Client
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
rpost , resp , err := client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
} ( )
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
uss , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts { } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss . Threads , 1 )
require . Equal ( t , uss . Threads [ 0 ] . PostId , rpost . Id )
require . Equal ( t , uss . Threads [ 0 ] . ReplyCount , int64 ( 1 ) )
} )
t . Run ( "extended, 1 thread" , func ( t * testing . T ) {
2021-08-13 07:12:16 -04:00
client := th . Client
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
rpost , resp , err := client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
} ( )
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
uss , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2020-11-08 03:36:46 -05:00
Extended : true ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss . Threads , 1 )
require . Equal ( t , uss . Threads [ 0 ] . PostId , rpost . Id )
require . Equal ( t , uss . Threads [ 0 ] . ReplyCount , int64 ( 1 ) )
require . Equal ( t , uss . Threads [ 0 ] . Participants [ 0 ] . Id , th . BasicUser . Id )
} )
t . Run ( "deleted, 1 thread" , func ( t * testing . T ) {
2021-08-13 07:12:16 -04:00
client := th . Client
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
rpost , resp , err := client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
} ( )
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
uss , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-01-31 05:28:14 -05:00
Deleted : false ,
2020-11-08 03:36:46 -05:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss . Threads , 1 )
require . Equal ( t , uss . Threads [ 0 ] . PostId , rpost . Id )
require . Equal ( t , uss . Threads [ 0 ] . ReplyCount , int64 ( 1 ) )
require . Equal ( t , uss . Threads [ 0 ] . Participants [ 0 ] . Id , th . BasicUser . Id )
2023-06-06 17:29:29 -04:00
_ , err = th . Client . DeletePost ( context . Background ( ) , rpost . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
uss , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-01-31 05:28:14 -05:00
Deleted : false ,
2020-11-08 03:36:46 -05:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss . Threads , 0 )
2023-06-06 17:29:29 -04:00
uss , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-01-31 05:28:14 -05:00
Deleted : true ,
2020-11-08 03:36:46 -05:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss . Threads , 1 )
require . Greater ( t , uss . Threads [ 0 ] . Post . DeleteAt , int64 ( 0 ) )
2022-11-23 14:08:21 -05:00
} )
2023-05-18 14:14:12 -04:00
t . Run ( "throw error when post-priority service-setting is off" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . PostPriority = false
} )
2022-11-23 14:08:21 -05:00
2023-05-18 14:14:12 -04:00
client := th . Client
2022-11-23 14:08:21 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err := client . CreatePost ( context . Background ( ) , & model . Post {
2023-05-18 14:14:12 -04:00
ChannelId : th . BasicChannel . Id ,
Message : "testMsg" ,
Metadata : & model . PostMetadata {
Priority : & model . PostPriority {
2024-08-05 23:45:00 -04:00
Priority : model . NewPointer ( model . PostPriorityUrgent ) ,
2023-05-18 14:14:12 -04:00
} ,
} ,
} )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
2022-11-23 14:08:21 -05:00
2023-05-18 14:14:12 -04:00
t . Run ( "throw error when post-priority is set for a reply" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . PostPriority = true
} )
2022-11-23 14:08:21 -05:00
2023-05-18 14:14:12 -04:00
client := th . Client
2020-11-08 03:36:46 -05:00
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
} ( )
2023-05-18 14:14:12 -04:00
2023-06-06 17:29:29 -04:00
rpost , resp , err := client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2023-05-18 14:14:12 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = client . CreatePost ( context . Background ( ) , & model . Post {
2023-05-18 14:14:12 -04:00
RootId : rpost . Id ,
ChannelId : th . BasicChannel . Id ,
Message : "testReply" ,
Metadata : & model . PostMetadata {
Priority : & model . PostPriority {
2024-08-05 23:45:00 -04:00
Priority : model . NewPointer ( model . PostPriorityUrgent ) ,
2023-05-18 14:14:12 -04:00
} ,
} ,
} )
require . Error ( t , err )
CheckBadRequestStatus ( t , resp )
} )
t . Run ( "isUrgent, 1 thread" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . PostPriority = true
} )
client := th . Client
2023-06-06 17:29:29 -04:00
rpost , resp , err := client . CreatePost ( context . Background ( ) , & model . Post {
2023-05-18 14:14:12 -04:00
ChannelId : th . BasicChannel . Id ,
Message : "testMsg" ,
Metadata : & model . PostMetadata {
Priority : & model . PostPriority {
2024-08-05 23:45:00 -04:00
Priority : model . NewPointer ( model . PostPriorityUrgent ) ,
2023-05-18 14:14:12 -04:00
} ,
} ,
} )
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
2023-05-18 14:14:12 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
} ( )
2023-05-18 14:14:12 -04:00
2023-06-06 17:29:29 -04:00
uss , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts { } )
2023-05-18 14:14:12 -04:00
require . NoError ( t , err )
require . Len ( t , uss . Threads , 1 )
require . Equal ( t , true , uss . Threads [ 0 ] . IsUrgent )
2020-11-08 03:36:46 -05:00
} )
t . Run ( "paged, 30 threads" , func ( t * testing . T ) {
2021-08-13 07:12:16 -04:00
client := th . Client
2020-11-08 03:36:46 -05:00
var rootIds [ ] * model . Post
2025-07-18 06:54:51 -04:00
for range 30 {
2023-06-06 17:29:29 -04:00
rpost , resp , err := client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckCreatedStatus ( t , resp )
rootIds = append ( rootIds , rpost )
2023-06-06 17:29:29 -04:00
_ , resp , err = client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2020-11-08 03:36:46 -05:00
}
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
} ( )
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
uss , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-08-31 09:46:54 -04:00
Deleted : false ,
PageSize : 30 ,
2020-11-08 03:36:46 -05:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss . Threads , 30 )
require . Len ( t , rootIds , 30 )
require . Equal ( t , uss . Threads [ 0 ] . PostId , rootIds [ 29 ] . Id )
require . Equal ( t , uss . Threads [ 0 ] . ReplyCount , int64 ( 1 ) )
require . Equal ( t , uss . Threads [ 0 ] . Participants [ 0 ] . Id , th . BasicUser . Id )
} )
2021-01-31 05:28:14 -05:00
t . Run ( "paged, 10 threads before/after" , func ( t * testing . T ) {
2021-08-13 07:12:16 -04:00
client := th . Client
2021-01-31 05:28:14 -05:00
var rootIds [ ] * model . Post
2025-07-18 06:54:51 -04:00
for i := range 30 {
2021-08-13 07:12:16 -04:00
rpost , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : fmt . Sprintf ( "testMsg-%d" , i ) } )
2021-01-31 05:28:14 -05:00
rootIds = append ( rootIds , rpost )
2021-08-13 07:12:16 -04:00
postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : fmt . Sprintf ( "testReply-%d" , i ) , RootId : rpost . Id } )
2021-01-31 05:28:14 -05:00
}
rootId := rootIds [ 15 ] . Id // middle point
rootIdBefore := rootIds [ 14 ] . Id
rootIdAfter := rootIds [ 16 ] . Id
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
} ( )
2021-01-31 05:28:14 -05:00
2023-06-06 17:29:29 -04:00
uss , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-01-31 05:28:14 -05:00
Deleted : false ,
PageSize : 10 ,
Before : rootId ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-01-31 05:28:14 -05:00
require . Len ( t , uss . Threads , 10 )
2021-07-22 10:24:20 -04:00
require . Equal ( t , rootIdBefore , uss . Threads [ 0 ] . PostId )
2021-01-31 05:28:14 -05:00
2023-06-06 17:29:29 -04:00
uss2 , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-01-31 05:28:14 -05:00
Deleted : false ,
PageSize : 10 ,
After : rootId ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-01-31 05:28:14 -05:00
require . Len ( t , uss2 . Threads , 10 )
2021-07-22 10:24:20 -04:00
require . Equal ( t , rootIdAfter , uss2 . Threads [ 0 ] . PostId )
2021-01-31 05:28:14 -05:00
2023-06-06 17:29:29 -04:00
uss3 , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-02-15 08:42:05 -05:00
Deleted : false ,
PageSize : 10 ,
After : rootId + "__bad" ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-02-15 08:42:05 -05:00
require . NotNil ( t , uss3 . Threads )
require . Len ( t , uss3 . Threads , 0 )
2021-01-31 05:28:14 -05:00
} )
2021-05-25 07:38:14 -04:00
2022-04-04 08:20:13 -04:00
t . Run ( "totalsOnly param" , func ( t * testing . T ) {
client := th . Client
sysadminClient := th . SystemAdminClient
var rootIds [ ] * model . Post
2025-07-18 06:54:51 -04:00
for i := range 10 {
2023-06-06 17:29:29 -04:00
rpost , resp , err := client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2022-04-04 08:20:13 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
rootIds = append ( rootIds , rpost )
if i % 2 == 0 {
2023-06-06 17:29:29 -04:00
_ , resp , err = client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
2022-04-04 08:20:13 -04:00
} else {
2023-06-06 17:29:29 -04:00
_ , resp , err = sysadminClient . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply @" + th . BasicUser . Username , RootId : rpost . Id } )
2022-04-04 08:20:13 -04:00
}
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
}
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . SystemAdminUser . Id )
require . NoError ( t , err )
} ( )
2022-04-04 08:20:13 -04:00
2023-06-06 17:29:29 -04:00
uss , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2022-04-04 08:20:13 -04:00
Deleted : false ,
TotalsOnly : true ,
PageSize : 30 ,
} )
require . NoError ( t , err )
require . Len ( t , uss . Threads , 0 )
require . Len ( t , rootIds , 10 )
require . Equal ( t , int64 ( 10 ) , uss . Total )
require . Equal ( t , int64 ( 5 ) , uss . TotalUnreadThreads )
require . Equal ( t , int64 ( 5 ) , uss . TotalUnreadMentions )
} )
t . Run ( "threadsOnly param" , func ( t * testing . T ) {
client := th . Client
sysadminClient := th . SystemAdminClient
var rootIds [ ] * model . Post
2025-07-18 06:54:51 -04:00
for i := range 10 {
2023-06-06 17:29:29 -04:00
rpost , resp , err := client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2022-04-04 08:20:13 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
rootIds = append ( rootIds , rpost )
if i % 2 == 0 {
2023-06-06 17:29:29 -04:00
_ , resp , err = client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
2022-04-04 08:20:13 -04:00
} else {
2023-06-06 17:29:29 -04:00
_ , resp , err = sysadminClient . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply @" + th . BasicUser . Username , RootId : rpost . Id } )
2022-04-04 08:20:13 -04:00
}
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
}
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . SystemAdminUser . Id )
require . NoError ( t , err )
} ( )
2022-04-04 08:20:13 -04:00
2023-06-06 17:29:29 -04:00
uss , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2022-04-04 08:20:13 -04:00
Deleted : false ,
ThreadsOnly : true ,
PageSize : 30 ,
} )
require . NoError ( t , err )
require . Len ( t , rootIds , 10 )
require . Len ( t , uss . Threads , 10 )
require . Equal ( t , int64 ( 0 ) , uss . Total )
require . Equal ( t , int64 ( 0 ) , uss . TotalUnreadThreads )
require . Equal ( t , int64 ( 0 ) , uss . TotalUnreadMentions )
require . Equal ( t , int64 ( 1 ) , uss . Threads [ 0 ] . ReplyCount )
require . Equal ( t , rootIds [ 9 ] . Id , uss . Threads [ 0 ] . PostId )
require . Equal ( t , th . SystemAdminUser . Id , uss . Threads [ 0 ] . Participants [ 0 ] . Id )
require . Equal ( t , th . BasicUser . Id , uss . Threads [ 1 ] . Participants [ 0 ] . Id )
} )
t . Run ( "setting both threadsOnly, and totalsOnly params is not allowed" , func ( t * testing . T ) {
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
} ( )
2022-04-04 08:20:13 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2022-04-04 08:20:13 -04:00
ThreadsOnly : true ,
TotalsOnly : true ,
PageSize : 30 ,
} )
require . Error ( t , err )
checkHTTPStatus ( t , resp , http . StatusBadRequest )
} )
2021-05-25 07:38:14 -04:00
t . Run ( "editing or reacting to reply post does not make thread unread" , func ( t * testing . T ) {
2021-08-13 07:12:16 -04:00
client := th . Client
2021-05-25 07:38:14 -04:00
2021-08-13 07:12:16 -04:00
rootPost , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "root post" } )
2021-05-25 07:38:14 -04:00
replyPost , _ := postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "reply post" , RootId : rootPost . Id } )
2023-06-06 17:29:29 -04:00
uss , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-05-25 07:38:14 -04:00
Deleted : false ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-05-25 07:38:14 -04:00
require . Equal ( t , uss . TotalUnreadThreads , int64 ( 1 ) )
require . Equal ( t , uss . Threads [ 0 ] . PostId , rootPost . Id )
2023-06-06 17:29:29 -04:00
_ , _ , err = th . Client . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicChannel . TeamId , rootPost . Id , model . GetMillis ( ) )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
uss , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-05-25 07:38:14 -04:00
Deleted : false ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-05-25 07:38:14 -04:00
require . Equal ( t , uss . TotalUnreadThreads , int64 ( 0 ) )
// edit post
editedReplyPostMessage := "edited " + replyPost . Message
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . PatchPost ( context . Background ( ) , replyPost . Id , & model . PostPatch { Message : & editedReplyPostMessage } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
uss , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-05-25 07:38:14 -04:00
Deleted : false ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-05-25 07:38:14 -04:00
require . Equal ( t , uss . TotalUnreadThreads , int64 ( 0 ) )
// react to post
reaction := & model . Reaction {
UserId : th . SystemAdminUser . Id ,
PostId : replyPost . Id ,
EmojiName : "smile" ,
}
2023-06-06 17:29:29 -04:00
_ , _ , err = th . SystemAdminClient . SaveReaction ( context . Background ( ) , reaction )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
uss , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-05-25 07:38:14 -04:00
Deleted : false ,
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-05-25 07:38:14 -04:00
require . Equal ( t , uss . TotalUnreadThreads , int64 ( 0 ) )
} )
2023-02-03 09:20:10 -05:00
t . Run ( "Since should return threads with new replies and updated memberships" , func ( t * testing . T ) {
client := th . Client
// Create "thread 1"
rootPost1 , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "Thread 1" } )
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "Thread 1, reply 1" , RootId : rootPost1 . Id } )
2023-06-06 17:29:29 -04:00
uss , _ , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2023-02-03 09:20:10 -05:00
Since : uint64 ( rootPost1 . CreateAt ) ,
} )
require . NoError ( t , err )
require . Len ( t , uss . Threads , 1 )
// Should not fetch any threads since there are no new replies/new threads since the membership is updated
threadMembership , _ := th . App . GetThreadMembershipForUser ( th . BasicUser . Id , rootPost1 . Id )
2023-06-06 17:29:29 -04:00
uss , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2023-02-03 09:20:10 -05:00
Since : uint64 ( threadMembership . LastUpdated ) + 1 ,
} )
require . NoError ( t , err )
require . Len ( t , uss . Threads , 0 )
// Create "thread 2"
rootPost2 , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "Thread 2" } )
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "Thread 2, reply 1" , RootId : rootPost2 . Id } )
// Add a reply to "thread 1"
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "Thread 1, Reply 2" , RootId : rootPost1 . Id } )
// Should fetch "thread 1" & "thread 2"
2023-06-06 17:29:29 -04:00
uss , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2023-02-03 09:20:10 -05:00
Since : uint64 ( threadMembership . LastUpdated ) + 1 ,
} )
require . NoError ( t , err )
require . Equal ( t , uss . TotalUnreadThreads , int64 ( 2 ) )
} )
2023-04-19 08:20:34 -04:00
t . Run ( "should error when not a team member" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . UnlinkUserFromTeam ( t , th . BasicUser , th . BasicTeam )
defer th . LinkUserToTeam ( t , th . BasicUser , th . BasicTeam )
2023-04-19 08:20:34 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts { } )
2023-04-19 08:20:34 -04:00
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
2020-11-08 03:36:46 -05:00
}
2020-11-20 04:00:52 -05:00
func TestThreadSocketEvents ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2021-01-13 05:42:35 -05:00
2021-05-19 07:30:26 -04:00
th . ConfigStore . SetReadOnlyFF ( false )
defer th . ConfigStore . SetReadOnlyFF ( true )
2020-11-20 04:00:52 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . ThreadAutoFollow = true
2021-07-12 14:05:36 -04:00
* cfg . ServiceSettings . CollapsedThreads = model . CollapsedThreadsDefaultOn
2020-11-20 04:00:52 -05:00
} )
2025-01-29 08:58:43 -05:00
userWSClient := th . CreateConnectedWebSocketClient ( t )
2020-11-20 04:00:52 -05:00
2021-08-13 07:12:16 -04:00
client := th . Client
2020-11-20 04:00:52 -05:00
2023-06-06 17:29:29 -04:00
rpost , resp , err := client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-20 04:00:52 -05:00
CheckCreatedStatus ( t , resp )
2026-01-20 04:38:27 -05:00
replyPost , _ , appErr := th . App . CreatePostAsUser ( th . Context , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply @" + th . BasicUser . Username , UserId : th . BasicUser2 . Id , RootId : rpost . Id } , th . Context . Session ( ) . Id , false )
2021-08-13 07:12:16 -04:00
require . Nil ( t , appErr )
2024-11-20 11:28:39 -05:00
defer func ( ) {
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser2 . Id )
require . NoError ( t , err )
} ( )
2020-11-20 04:00:52 -05:00
t . Run ( "Listed for update event" , func ( t * testing . T ) {
var caught bool
func ( ) {
for {
select {
case ev := <- userWSClient . EventChannel :
2021-07-12 14:05:36 -04:00
if ev . EventType ( ) == model . WebsocketEventThreadUpdated {
2020-11-20 04:00:52 -05:00
caught = true
2021-09-01 08:43:12 -04:00
var thread model . ThreadResponse
jsonErr := json . Unmarshal ( [ ] byte ( ev . GetData ( ) [ "thread" ] . ( string ) ) , & thread )
require . NoError ( t , jsonErr )
2021-03-02 09:49:00 -05:00
for _ , p := range thread . Participants {
if p . Id != th . BasicUser . Id && p . Id != th . BasicUser2 . Id {
require . Fail ( t , "invalid participants" )
}
}
2020-11-20 04:00:52 -05:00
}
2024-04-05 09:58:49 -04:00
case <- time . After ( 2 * time . Second ) :
2020-11-20 04:00:52 -05:00
return
}
}
} ( )
2021-07-12 14:05:36 -04:00
require . Truef ( t , caught , "User should have received %s event" , model . WebsocketEventThreadUpdated )
2020-11-20 04:00:52 -05:00
} )
2024-09-26 09:02:11 -04:00
_ , resp , err = th . Client . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rpost . Id , replyPost . CreateAt + 1 )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-20 04:00:52 -05:00
CheckOKStatus ( t , resp )
2024-09-26 09:02:11 -04:00
t . Run ( "Listed for read event" , func ( t * testing . T ) {
2020-11-20 04:00:52 -05:00
var caught bool
func ( ) {
for {
select {
case ev := <- userWSClient . EventChannel :
2024-09-26 09:02:11 -04:00
if ev . EventType ( ) == model . WebsocketEventThreadReadChanged {
2020-11-20 04:00:52 -05:00
caught = true
2024-09-26 09:02:11 -04:00
data := ev . GetData ( )
require . EqualValues ( t , replyPost . CreateAt + 1 , data [ "timestamp" ] )
require . EqualValues ( t , float64 ( 1 ) , data [ "previous_unread_replies" ] )
require . EqualValues ( t , float64 ( 1 ) , data [ "previous_unread_mentions" ] )
require . EqualValues ( t , float64 ( 0 ) , data [ "unread_replies" ] )
require . EqualValues ( t , float64 ( 0 ) , data [ "unread_mentions" ] )
2020-11-20 04:00:52 -05:00
}
2024-04-05 09:58:49 -04:00
case <- time . After ( 2 * time . Second ) :
2020-11-20 04:00:52 -05:00
return
}
}
} ( )
2024-09-26 09:02:11 -04:00
require . Truef ( t , caught , "User should have received %s event" , model . WebsocketEventThreadReadChanged )
2020-11-20 04:00:52 -05:00
} )
2024-09-26 09:02:11 -04:00
resp , err = th . Client . UpdateThreadFollowForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rpost . Id , false )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-20 04:00:52 -05:00
CheckOKStatus ( t , resp )
2024-09-26 09:02:11 -04:00
t . Run ( "Listed for follow event" , func ( t * testing . T ) {
2020-11-20 04:00:52 -05:00
var caught bool
func ( ) {
for {
select {
case ev := <- userWSClient . EventChannel :
2024-09-26 09:02:11 -04:00
if ev . EventType ( ) == model . WebsocketEventThreadFollowChanged {
2020-11-20 04:00:52 -05:00
caught = true
2024-09-26 09:02:11 -04:00
require . Equal ( t , ev . GetData ( ) [ "state" ] , false )
require . Equal ( t , ev . GetData ( ) [ "reply_count" ] , float64 ( 1 ) )
2022-02-09 15:41:30 -05:00
}
2024-04-05 09:58:49 -04:00
case <- time . After ( 2 * time . Second ) :
2022-02-09 15:41:30 -05:00
return
}
}
} ( )
2024-09-26 09:02:11 -04:00
require . Truef ( t , caught , "User should have received %s event" , model . WebsocketEventThreadFollowChanged )
2022-02-09 15:41:30 -05:00
} )
2024-09-26 09:02:11 -04:00
_ , err = th . Client . UpdateThreadFollowForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rpost . Id , true )
require . NoError ( t , err )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . SetThreadUnreadByPostId ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rpost . Id , rpost . Id )
2022-02-09 15:41:30 -05:00
require . NoError ( t , err )
CheckOKStatus ( t , resp )
t . Run ( "Listen for read event 2" , func ( t * testing . T ) {
var caught bool
func ( ) {
for {
select {
case ev := <- userWSClient . EventChannel :
if ev . EventType ( ) == model . WebsocketEventThreadReadChanged {
caught = true
data := ev . GetData ( )
2022-04-15 03:55:47 -04:00
require . EqualValues ( t , rpost . CreateAt - 1 , data [ "timestamp" ] )
2022-02-09 15:41:30 -05:00
require . EqualValues ( t , float64 ( 0 ) , data [ "previous_unread_replies" ] )
require . EqualValues ( t , float64 ( 0 ) , data [ "previous_unread_mentions" ] )
require . EqualValues ( t , float64 ( 1 ) , data [ "unread_replies" ] )
require . EqualValues ( t , float64 ( 1 ) , data [ "unread_mentions" ] )
2020-11-20 04:00:52 -05:00
}
2024-04-05 09:58:49 -04:00
case <- time . After ( 2 * time . Second ) :
2020-11-20 04:00:52 -05:00
return
}
}
} ( )
2021-07-12 14:05:36 -04:00
require . Truef ( t , caught , "User should have received %s event" , model . WebsocketEventThreadReadChanged )
2020-11-20 04:00:52 -05:00
} )
2022-02-09 15:41:30 -05:00
// read the thread
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rpost . Id , replyPost . CreateAt + 1 )
2022-02-09 15:41:30 -05:00
require . NoError ( t , err )
CheckOKStatus ( t , resp )
t . Run ( "Listen for thread updated event after create post" , func ( t * testing . T ) {
testCases := [ ] struct {
post * model . Post
preReplies int64
preMentions int64
replies int64
mentions int64
} {
{
post : & model . Post { ChannelId : th . BasicChannel . Id , Message : "simple reply" , UserId : th . BasicUser2 . Id , RootId : rpost . Id } ,
preReplies : 0 ,
preMentions : 0 ,
replies : 1 ,
mentions : 0 ,
} ,
{
post : & model . Post { ChannelId : th . BasicChannel . Id , Message : "mention reply 1 @" + th . BasicUser . Username , UserId : th . BasicUser2 . Id , RootId : rpost . Id } ,
preReplies : 1 ,
preMentions : 0 ,
replies : 2 ,
mentions : 1 ,
} ,
{
post : & model . Post { ChannelId : th . BasicChannel . Id , Message : "mention reply 2 @" + th . BasicUser . Username , UserId : th . BasicUser2 . Id , RootId : rpost . Id } ,
preReplies : 2 ,
preMentions : 1 ,
replies : 3 ,
mentions : 2 ,
} ,
{
// posting as current user will read the thread
post : & model . Post { ChannelId : th . BasicChannel . Id , Message : "self reply" , UserId : th . BasicUser . Id , RootId : rpost . Id } ,
preReplies : 3 ,
preMentions : 2 ,
replies : 0 ,
mentions : 0 ,
2025-01-27 13:03:16 -05:00
} ,
{
2022-02-09 15:41:30 -05:00
post : & model . Post { ChannelId : th . BasicChannel . Id , Message : "simple reply" , UserId : th . BasicUser2 . Id , RootId : rpost . Id } ,
preReplies : 0 ,
preMentions : 0 ,
replies : 1 ,
mentions : 0 ,
} ,
{
post : & model . Post { ChannelId : th . BasicChannel . Id , Message : "mention reply 3 @" + th . BasicUser . Username , UserId : th . BasicUser2 . Id , RootId : rpost . Id } ,
preReplies : 1 ,
preMentions : 0 ,
replies : 2 ,
mentions : 1 ,
} ,
}
for _ , tc := range testCases {
// post a reply on the thread
2026-01-20 04:38:27 -05:00
_ , _ , appErr = th . App . CreatePostAsUser ( th . Context , tc . post , th . Context . Session ( ) . Id , false )
2022-02-09 15:41:30 -05:00
require . Nil ( t , appErr )
var caught bool
func ( ) {
for {
select {
case ev := <- userWSClient . EventChannel :
if ev . EventType ( ) == model . WebsocketEventThreadUpdated {
caught = true
data := ev . GetData ( )
var thread model . ThreadResponse
jsonErr := json . Unmarshal ( [ ] byte ( data [ "thread" ] . ( string ) ) , & thread )
require . NoError ( t , jsonErr )
require . Equal ( t , tc . preReplies , int64 ( data [ "previous_unread_replies" ] . ( float64 ) ) )
require . Equal ( t , tc . preMentions , int64 ( data [ "previous_unread_mentions" ] . ( float64 ) ) )
require . Equal ( t , tc . replies , thread . UnreadReplies )
require . Equal ( t , tc . mentions , thread . UnreadMentions )
}
2024-04-05 09:58:49 -04:00
case <- time . After ( 2 * time . Second ) :
2022-02-09 15:41:30 -05:00
return
}
}
} ( )
require . Truef ( t , caught , "User should have received %s event" , model . WebsocketEventThreadUpdated )
}
} )
2022-04-15 12:47:04 -04:00
t . Run ( "Listen for thread updated event after create post when not previously following the thread" , func ( t * testing . T ) {
rpost2 := & model . Post { ChannelId : th . BasicChannel . Id , UserId : th . BasicUser2 . Id , Message : "root post" }
var appErr * model . AppError
2026-01-20 04:38:27 -05:00
rpost2 , _ , appErr = th . App . CreatePostAsUser ( th . Context , rpost2 , th . Context . Session ( ) . Id , false )
2022-04-15 12:47:04 -04:00
require . Nil ( t , appErr )
reply1 := & model . Post { ChannelId : th . BasicChannel . Id , UserId : th . BasicUser2 . Id , Message : "reply 1" , RootId : rpost2 . Id }
reply2 := & model . Post { ChannelId : th . BasicChannel . Id , UserId : th . BasicUser2 . Id , Message : "reply 2" , RootId : rpost2 . Id }
reply3 := & model . Post { ChannelId : th . BasicChannel . Id , UserId : th . BasicUser2 . Id , Message : "mention @" + th . BasicUser . Username , RootId : rpost2 . Id }
2026-01-20 04:38:27 -05:00
_ , _ , appErr = th . App . CreatePostAsUser ( th . Context , reply1 , th . Context . Session ( ) . Id , false )
2022-04-15 12:47:04 -04:00
require . Nil ( t , appErr )
2026-01-20 04:38:27 -05:00
_ , _ , appErr = th . App . CreatePostAsUser ( th . Context , reply2 , th . Context . Session ( ) . Id , false )
2022-04-15 12:47:04 -04:00
require . Nil ( t , appErr )
2026-01-20 04:38:27 -05:00
_ , _ , appErr = th . App . CreatePostAsUser ( th . Context , reply3 , th . Context . Session ( ) . Id , false )
2022-04-15 12:47:04 -04:00
require . Nil ( t , appErr )
count := 0
func ( ) {
for {
select {
case ev := <- userWSClient . EventChannel :
if ev . EventType ( ) == model . WebsocketEventThreadUpdated {
count ++
data := ev . GetData ( )
var thread model . ThreadResponse
jsonErr := json . Unmarshal ( [ ] byte ( data [ "thread" ] . ( string ) ) , & thread )
require . NoError ( t , jsonErr )
require . Equal ( t , int64 ( 0 ) , int64 ( data [ "previous_unread_replies" ] . ( float64 ) ) )
require . Equal ( t , int64 ( 0 ) , int64 ( data [ "previous_unread_mentions" ] . ( float64 ) ) )
require . Equal ( t , int64 ( 3 ) , thread . UnreadReplies )
require . Equal ( t , int64 ( 1 ) , thread . UnreadMentions )
}
2024-04-05 09:58:49 -04:00
case <- time . After ( 2 * time . Second ) :
2022-04-15 12:47:04 -04:00
return
}
}
} ( )
require . Equalf ( t , 1 , count , "User should have received 1 %s event" , model . WebsocketEventThreadUpdated )
} )
2020-11-20 04:00:52 -05:00
}
2020-11-08 03:36:46 -05:00
func TestFollowThreads ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2020-11-08 03:36:46 -05:00
2022-02-01 05:51:04 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . ThreadAutoFollow = true
* cfg . ServiceSettings . CollapsedThreads = model . CollapsedThreadsDefaultOn
} )
2020-11-08 03:36:46 -05:00
t . Run ( "1 thread" , func ( t * testing . T ) {
2021-08-13 07:12:16 -04:00
client := th . Client
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
rpost , resp , err := client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
} ( )
2020-11-08 03:36:46 -05:00
var uss * model . Threads
2023-06-06 17:29:29 -04:00
uss , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-01-31 05:28:14 -05:00
Deleted : false ,
2020-11-08 03:36:46 -05:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss . Threads , 1 )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateThreadFollowForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rpost . Id , false )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckOKStatus ( t , resp )
2023-06-06 17:29:29 -04:00
uss , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-01-31 05:28:14 -05:00
Deleted : false ,
2020-11-08 03:36:46 -05:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss . Threads , 0 )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateThreadFollowForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rpost . Id , true )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckOKStatus ( t , resp )
2023-06-06 17:29:29 -04:00
uss , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-01-31 05:28:14 -05:00
Deleted : false ,
2020-11-08 03:36:46 -05:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss . Threads , 1 )
2021-06-07 13:49:24 -04:00
require . GreaterOrEqual ( t , uss . Threads [ 0 ] . LastViewedAt , uss . Threads [ 0 ] . LastReplyAt )
2020-11-08 03:36:46 -05:00
} )
2021-09-29 10:00:23 -04:00
t . Run ( "No permission to channel" , func ( t * testing . T ) {
// Add user1 to private channel
2022-07-14 05:01:29 -04:00
_ , appErr := th . App . AddUserToChannel ( th . Context , th . BasicUser , th . BasicPrivateChannel2 , false )
2021-09-29 10:00:23 -04:00
require . Nil ( t , appErr )
2024-11-20 11:28:39 -05:00
defer func ( ) {
appErr = th . App . RemoveUserFromChannel ( th . Context , th . BasicUser . Id , "" , th . BasicPrivateChannel2 )
require . Nil ( t , appErr )
} ( )
2021-09-29 10:00:23 -04:00
// create thread in private channel
2023-06-06 17:29:29 -04:00
rpost , resp , err := th . Client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicPrivateChannel2 . Id , Message : "root post" } )
2021-09-29 10:00:23 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicPrivateChannel2 . Id , Message : "testReply" , RootId : rpost . Id } )
2021-09-29 10:00:23 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
// Try to follow thread as other user who is not in the private channel
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateThreadFollowForUser ( context . Background ( ) , th . BasicUser2 . Id , th . BasicTeam . Id , rpost . Id , true )
2021-09-29 10:00:23 -04:00
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
// Try to unfollow thread as other user who is not in the private channel
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateThreadFollowForUser ( context . Background ( ) , th . BasicUser2 . Id , th . BasicTeam . Id , rpost . Id , false )
2021-09-29 10:00:23 -04:00
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
2020-11-08 03:36:46 -05:00
}
2021-01-19 06:33:57 -05:00
func checkThreadListReplies ( t * testing . T , th * TestHelper , client * model . Client4 , userId string , expectedReplies , expectedThreads int , options * model . GetUserThreadsOpts ) ( * model . Threads , * model . Response ) {
opts := model . GetUserThreadsOpts { }
if options != nil {
opts = * options
}
2023-06-06 17:29:29 -04:00
u , resp , err := client . GetUserThreads ( context . Background ( ) , userId , th . BasicTeam . Id , opts )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-01-19 06:33:57 -05:00
require . Len ( t , u . Threads , expectedThreads )
count := int64 ( 0 )
sum := int64 ( 0 )
for _ , thr := range u . Threads {
if thr . UnreadReplies > 0 {
count += 1
}
sum += thr . UnreadReplies
}
2021-04-22 09:30:43 -04:00
require . EqualValues ( t , expectedReplies , sum , "expectedReplies don't match" )
require . Equal ( t , count , u . TotalUnreadThreads , "TotalUnreadThreads don't match" )
2021-01-19 06:33:57 -05:00
2021-08-13 07:12:16 -04:00
return u , resp
2021-01-19 06:33:57 -05:00
}
func postAndCheck ( t * testing . T , client * model . Client4 , post * model . Post ) ( * model . Post , * model . Response ) {
2023-06-06 17:29:29 -04:00
p , resp , err := client . CreatePost ( context . Background ( ) , post )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-01-19 06:33:57 -05:00
CheckCreatedStatus ( t , resp )
return p , resp
}
2020-12-06 03:02:53 -05:00
func TestMaintainUnreadRepliesInThread ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
th . LinkUserToTeam ( t , th . SystemAdminUser , th . BasicTeam )
defer th . UnlinkUserFromTeam ( t , th . SystemAdminUser , th . BasicTeam )
th . AddUserToChannel ( t , th . SystemAdminUser , th . BasicChannel )
defer th . RemoveUserFromChannel ( t , th . SystemAdminUser , th . BasicChannel )
2020-12-06 03:02:53 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . ThreadAutoFollow = true
2021-07-12 14:05:36 -04:00
* cfg . ServiceSettings . CollapsedThreads = model . CollapsedThreadsDefaultOn
2020-12-06 03:02:53 -05:00
} )
2021-08-13 07:12:16 -04:00
client := th . Client
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . SystemAdminUser . Id )
require . NoError ( t , err )
} ( )
2020-12-06 03:02:53 -05:00
// create a post by regular user
2021-08-13 07:12:16 -04:00
rpost , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2020-12-06 03:02:53 -05:00
// reply with another
2021-01-19 06:33:57 -05:00
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
2020-12-06 03:02:53 -05:00
// regular user should have one thread with one reply
2021-01-19 06:33:57 -05:00
checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 1 , 1 , nil )
2020-12-06 03:02:53 -05:00
// add another reply by regular user
2021-08-13 07:12:16 -04:00
postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply2" , RootId : rpost . Id } )
2020-12-06 03:02:53 -05:00
// replying to the thread clears reply count, so it should be 0
2021-01-19 06:33:57 -05:00
checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 0 , 1 , nil )
2020-12-06 03:02:53 -05:00
2021-05-25 09:21:42 -04:00
// the other user should have 1 reply - the reply from the regular user
checkThreadListReplies ( t , th , th . SystemAdminClient , th . SystemAdminUser . Id , 1 , 1 , nil )
2020-12-06 03:02:53 -05:00
// mark all as read for user
2023-06-06 17:29:29 -04:00
resp , err := th . Client . UpdateThreadsReadForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-12-06 03:02:53 -05:00
CheckOKStatus ( t , resp )
// reply count should be 0
2021-01-19 06:33:57 -05:00
checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 0 , 1 , nil )
2020-12-06 03:02:53 -05:00
2021-01-31 04:54:35 -05:00
// mark other user's read state
2023-06-06 17:29:29 -04:00
_ , resp , err = th . SystemAdminClient . UpdateThreadReadForUser ( context . Background ( ) , th . SystemAdminUser . Id , th . BasicTeam . Id , rpost . Id , model . GetMillis ( ) )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-01-31 04:54:35 -05:00
CheckOKStatus ( t , resp )
// get unread only, should return nothing
checkThreadListReplies ( t , th , th . SystemAdminClient , th . SystemAdminUser . Id , 0 , 0 , & model . GetUserThreadsOpts { Unread : true } )
// restore unread to an old date
2023-06-06 17:29:29 -04:00
_ , resp , err = th . SystemAdminClient . UpdateThreadReadForUser ( context . Background ( ) , th . SystemAdminUser . Id , th . BasicTeam . Id , rpost . Id , 123 )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-01-31 04:54:35 -05:00
CheckOKStatus ( t , resp )
// should have 2 unread replies now
checkThreadListReplies ( t , th , th . SystemAdminClient , th . SystemAdminUser . Id , 2 , 1 , & model . GetUserThreadsOpts { Unread : true } )
2020-12-06 03:02:53 -05:00
}
2021-01-19 06:33:57 -05:00
func TestThreadCounts ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2022-12-30 04:11:31 -05:00
2021-01-19 06:33:57 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . ThreadAutoFollow = true
2021-07-12 14:05:36 -04:00
* cfg . ServiceSettings . CollapsedThreads = model . CollapsedThreadsDefaultOn
2021-01-19 06:33:57 -05:00
} )
2021-08-13 07:12:16 -04:00
client := th . Client
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . SystemAdminUser . Id )
require . NoError ( t , err )
} ( )
2021-01-19 06:33:57 -05:00
// create a post by regular user
2021-08-13 07:12:16 -04:00
rpost , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2021-01-19 06:33:57 -05:00
// reply with another
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
// create another post by regular user
2021-08-13 07:12:16 -04:00
rpost2 , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel2 . Id , Message : "testMsg1" } )
2021-01-19 06:33:57 -05:00
// reply with another 2 times
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel2 . Id , Message : "testReply2" , RootId : rpost2 . Id } )
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel2 . Id , Message : "testReply22" , RootId : rpost2 . Id } )
// regular user should have two threads with 3 replies total
checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 3 , 2 , & model . GetUserThreadsOpts {
Deleted : false ,
} )
// delete first thread
2024-11-20 11:28:39 -05:00
err := th . App . Srv ( ) . Store ( ) . Post ( ) . Delete ( th . Context , rpost . Id , model . GetMillis ( ) , th . BasicUser . Id )
require . NoError ( t , err )
2021-01-19 06:33:57 -05:00
// we should now have 1 thread with 2 replies
checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 2 , 1 , & model . GetUserThreadsOpts {
Deleted : false ,
} )
2021-01-31 05:28:14 -05:00
// with Deleted we should get the same as before deleting
2021-01-19 06:33:57 -05:00
checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 3 , 2 , & model . GetUserThreadsOpts {
Deleted : true ,
} )
2020-12-01 10:20:23 -05:00
}
2021-01-19 06:33:57 -05:00
2021-01-28 11:07:39 -05:00
func TestSingleThreadGet ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2022-11-23 14:08:21 -05:00
2023-05-18 14:14:12 -04:00
th . App . Srv ( ) . SetLicense ( model . NewTestLicenseSKU ( model . LicenseShortSkuProfessional ) )
2021-01-28 11:07:39 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . ThreadAutoFollow = true
2021-07-12 14:05:36 -04:00
* cfg . ServiceSettings . CollapsedThreads = model . CollapsedThreadsDefaultOn
2022-11-23 14:08:21 -05:00
* cfg . ServiceSettings . PostPriority = true
2021-01-28 11:07:39 -05:00
} )
2021-08-13 07:12:16 -04:00
client := th . Client
2021-01-28 11:07:39 -05:00
2023-04-19 08:20:34 -04:00
t . Run ( "get single thread" , func ( t * testing . T ) {
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . SystemAdminUser . Id )
require . NoError ( t , err )
} ( )
2021-01-28 11:07:39 -05:00
2023-04-19 08:20:34 -04:00
// create a post by regular user
rpost , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
// reply with another
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
// create another thread to check that we are not returning it by mistake
rpost2 , _ := postAndCheck ( t , client , & model . Post {
ChannelId : th . BasicChannel2 . Id ,
Message : "testMsg2" ,
Metadata : & model . PostMetadata {
Priority : & model . PostPriority {
2024-08-05 23:45:00 -04:00
Priority : model . NewPointer ( model . PostPriorityUrgent ) ,
2023-04-19 08:20:34 -04:00
} ,
2022-11-23 14:08:21 -05:00
} ,
2023-04-19 08:20:34 -04:00
} )
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel2 . Id , Message : "testReply" , RootId : rpost2 . Id } )
2021-01-28 11:07:39 -05:00
2023-04-19 08:20:34 -04:00
// regular user should have two threads with 3 replies total
threads , _ := checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 2 , 2 , nil )
2021-01-28 11:07:39 -05:00
2023-06-06 17:29:29 -04:00
tr , _ , err := th . Client . GetUserThread ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , threads . Threads [ 0 ] . PostId , false )
2023-04-19 08:20:34 -04:00
require . NoError ( t , err )
require . NotNil ( t , tr )
require . Equal ( t , threads . Threads [ 0 ] . PostId , tr . PostId )
require . Empty ( t , tr . Participants [ 0 ] . Username )
2021-01-28 11:07:39 -05:00
2023-04-19 08:20:34 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . PostPriority = false
} )
2022-11-23 14:08:21 -05:00
2023-06-06 17:29:29 -04:00
tr , _ , err = th . Client . GetUserThread ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , threads . Threads [ 0 ] . PostId , true )
2023-04-19 08:20:34 -04:00
require . NoError ( t , err )
require . NotEmpty ( t , tr . Participants [ 0 ] . Username )
require . Equal ( t , false , tr . IsUrgent )
2022-11-23 14:08:21 -05:00
2023-04-19 08:20:34 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . PostPriority = true
} )
2023-06-06 17:29:29 -04:00
tr , _ , err = th . Client . GetUserThread ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , threads . Threads [ 0 ] . PostId , true )
2023-04-19 08:20:34 -04:00
require . NoError ( t , err )
require . Equal ( t , true , tr . IsUrgent )
2022-11-23 14:08:21 -05:00
} )
2023-04-19 08:20:34 -04:00
t . Run ( "should error when not a team member" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . UnlinkUserFromTeam ( t , th . BasicUser , th . BasicTeam )
defer th . LinkUserToTeam ( t , th . BasicUser , th . BasicTeam )
2023-04-19 08:20:34 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . GetUserThread ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . NewId ( ) , false )
2023-04-19 08:20:34 -04:00
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
2021-01-28 11:07:39 -05:00
}
2020-12-01 10:20:23 -05:00
func TestMaintainUnreadMentionsInThread ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
th . LinkUserToTeam ( t , th . SystemAdminUser , th . BasicTeam )
defer th . UnlinkUserFromTeam ( t , th . SystemAdminUser , th . BasicTeam )
th . AddUserToChannel ( t , th . SystemAdminUser , th . BasicChannel )
defer th . RemoveUserFromChannel ( t , th . SystemAdminUser , th . BasicChannel )
2021-08-13 07:12:16 -04:00
client := th . Client
2022-12-30 04:11:31 -05:00
2020-12-01 10:20:23 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . ThreadAutoFollow = true
2021-07-12 14:05:36 -04:00
* cfg . ServiceSettings . CollapsedThreads = model . CollapsedThreadsDefaultOn
2020-12-01 10:20:23 -05:00
} )
2021-02-09 05:03:32 -05:00
checkThreadList := func ( client * model . Client4 , userId string , expectedMentions , expectedThreads int ) ( * model . Threads , * model . Response ) {
2023-06-06 17:29:29 -04:00
uss , resp , err := client . GetUserThreads ( context . Background ( ) , userId , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-01-31 05:28:14 -05:00
Deleted : false ,
2020-12-01 10:20:23 -05:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2021-02-09 05:03:32 -05:00
2020-12-01 10:20:23 -05:00
require . Len ( t , uss . Threads , expectedThreads )
sum := int64 ( 0 )
2020-12-06 03:02:53 -05:00
for _ , thr := range uss . Threads {
sum += thr . UnreadMentions
2020-12-01 10:20:23 -05:00
}
2020-12-06 03:02:53 -05:00
require . Equal ( t , sum , uss . TotalUnreadMentions )
2021-02-09 05:03:32 -05:00
require . EqualValues ( t , expectedMentions , uss . TotalUnreadMentions )
2020-12-01 10:20:23 -05:00
return uss , resp
}
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . SystemAdminUser . Id )
require . NoError ( t , err )
} ( )
2021-02-09 05:03:32 -05:00
2020-12-01 10:20:23 -05:00
// create regular post
2021-08-13 07:12:16 -04:00
rpost , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2020-12-01 10:20:23 -05:00
// create reply and mention the original poster and another user
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply @" + th . BasicUser . Username + " and @" + th . BasicUser2 . Username , RootId : rpost . Id } )
// basic user 1 was mentioned 1 time
2021-02-09 05:03:32 -05:00
checkThreadList ( th . Client , th . BasicUser . Id , 1 , 1 )
2020-12-01 10:20:23 -05:00
// basic user 2 was mentioned 1 time
2021-02-09 05:03:32 -05:00
checkThreadList ( th . SystemAdminClient , th . BasicUser2 . Id , 1 , 1 )
2020-12-01 10:20:23 -05:00
// test self mention, shouldn't increase mention count
2021-08-13 07:12:16 -04:00
postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply @" + th . BasicUser . Username , RootId : rpost . Id } )
2022-02-09 15:41:30 -05:00
// mention should be 0 after self reply
checkThreadList ( th . Client , th . BasicUser . Id , 0 , 1 )
2020-12-01 10:20:23 -05:00
// test DM
2025-11-12 07:00:51 -05:00
dm := th . CreateDmChannel ( t , th . SystemAdminUser )
2021-08-13 07:12:16 -04:00
dm_root_post , _ := postAndCheck ( t , client , & model . Post { ChannelId : dm . Id , Message : "hi @" + th . SystemAdminUser . Username } )
2020-12-01 10:20:23 -05:00
// no changes
2022-02-09 15:41:30 -05:00
checkThreadList ( th . Client , th . BasicUser . Id , 0 , 1 )
2020-12-01 10:20:23 -05:00
// post reply by the same user
2021-08-13 07:12:16 -04:00
postAndCheck ( t , client , & model . Post { ChannelId : dm . Id , Message : "how are you" , RootId : dm_root_post . Id } )
2020-12-01 10:20:23 -05:00
// thread created
2022-02-09 15:41:30 -05:00
checkThreadList ( th . Client , th . BasicUser . Id , 0 , 2 )
2020-12-01 10:20:23 -05:00
// post two replies by another user, without mentions. mention count should still increase since this is a DM
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : dm . Id , Message : "msg1" , RootId : dm_root_post . Id } )
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : dm . Id , Message : "msg2" , RootId : dm_root_post . Id } )
// expect increment by two mentions
2022-02-09 15:41:30 -05:00
checkThreadList ( th . Client , th . BasicUser . Id , 2 , 2 )
2020-12-01 10:20:23 -05:00
}
2020-11-08 03:36:46 -05:00
func TestReadThreads ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2022-12-30 04:11:31 -05:00
2021-01-24 04:37:09 -05:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . ThreadAutoFollow = true
2021-07-12 14:05:36 -04:00
* cfg . ServiceSettings . CollapsedThreads = model . CollapsedThreadsDefaultOn
2021-01-24 04:37:09 -05:00
} )
2021-08-13 07:12:16 -04:00
client := th . Client
2020-11-08 03:36:46 -05:00
t . Run ( "all threads" , func ( t * testing . T ) {
2023-06-06 17:29:29 -04:00
rpost , resp , err := client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg" } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = client . CreatePost ( context . Background ( ) , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply" , RootId : rpost . Id } )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckCreatedStatus ( t , resp )
2024-11-20 11:28:39 -05:00
defer func ( ) {
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
} ( )
2020-11-08 03:36:46 -05:00
2020-12-06 03:02:53 -05:00
var uss , uss2 * model . Threads
2023-06-06 17:29:29 -04:00
uss , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-01-31 05:28:14 -05:00
Deleted : false ,
2020-11-08 03:36:46 -05:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss . Threads , 1 )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateThreadsReadForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckOKStatus ( t , resp )
2023-06-06 17:29:29 -04:00
uss2 , _ , err = th . Client . GetUserThreads ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . GetUserThreadsOpts {
2021-01-31 05:28:14 -05:00
Deleted : false ,
2020-11-08 03:36:46 -05:00
} )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
require . Len ( t , uss2 . Threads , 1 )
require . Greater ( t , uss2 . Threads [ 0 ] . LastViewedAt , uss . Threads [ 0 ] . LastViewedAt )
} )
2022-04-15 03:55:47 -04:00
t . Run ( "1 thread by timestamp" , func ( t * testing . T ) {
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . SystemAdminUser . Id )
require . NoError ( t , err )
} ( )
2020-11-08 03:36:46 -05:00
2021-08-13 07:12:16 -04:00
rpost , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsgC1" } )
2021-01-31 05:28:14 -05:00
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReplyC1" , RootId : rpost . Id } )
2020-11-08 03:36:46 -05:00
2021-08-13 07:12:16 -04:00
rrpost , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel2 . Id , Message : "testMsgC2" } )
2021-01-31 05:28:14 -05:00
postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel2 . Id , Message : "testReplyC2" , RootId : rrpost . Id } )
2020-11-08 03:36:46 -05:00
2021-01-24 04:37:09 -05:00
uss , _ := checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 2 , 2 , nil )
2020-11-08 03:36:46 -05:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rrpost . Id , model . GetMillis ( ) + 10 )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckOKStatus ( t , resp )
2021-01-24 04:37:09 -05:00
uss2 , _ := checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 1 , 2 , nil )
require . Greater ( t , uss2 . Threads [ 0 ] . LastViewedAt , uss . Threads [ 0 ] . LastViewedAt )
2020-11-08 03:36:46 -05:00
timestamp := model . GetMillis ( )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rrpost . Id , timestamp )
2021-08-13 07:12:16 -04:00
require . NoError ( t , err )
2020-11-08 03:36:46 -05:00
CheckOKStatus ( t , resp )
2021-01-24 04:37:09 -05:00
uss3 , _ := checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 1 , 2 , nil )
require . Equal ( t , uss3 . Threads [ 0 ] . LastViewedAt , timestamp )
2020-11-08 03:36:46 -05:00
} )
2022-04-15 03:55:47 -04:00
t . Run ( "1 thread by post id" , func ( t * testing . T ) {
2024-11-20 11:28:39 -05:00
defer func ( ) {
err := th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . BasicUser . Id )
require . NoError ( t , err )
err = th . App . Srv ( ) . Store ( ) . Post ( ) . PermanentDeleteByUser ( th . Context , th . SystemAdminUser . Id )
require . NoError ( t , err )
} ( )
2022-04-15 03:55:47 -04:00
rpost , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsgC1" } )
reply1 , _ := postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReplyC1" , RootId : rpost . Id } )
reply2 , _ := postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReplyC1" , RootId : rpost . Id } )
reply3 , _ := postAndCheck ( t , th . SystemAdminClient , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReplyC1" , RootId : rpost . Id } )
checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 3 , 1 , nil )
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rpost . Id , reply3 . CreateAt + 1 )
2022-04-15 03:55:47 -04:00
require . NoError ( t , err )
CheckOKStatus ( t , resp )
checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 0 , 1 , nil )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . SetThreadUnreadByPostId ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rpost . Id , reply1 . Id )
2022-04-15 03:55:47 -04:00
require . NoError ( t , err )
CheckOKStatus ( t , resp )
checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 3 , 1 , nil )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . SetThreadUnreadByPostId ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rpost . Id , reply2 . Id )
2022-04-15 03:55:47 -04:00
require . NoError ( t , err )
CheckOKStatus ( t , resp )
checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 2 , 1 , nil )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . SetThreadUnreadByPostId ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , rpost . Id , reply3 . Id )
2022-04-15 03:55:47 -04:00
require . NoError ( t , err )
CheckOKStatus ( t , resp )
checkThreadListReplies ( t , th , th . Client , th . BasicUser . Id , 1 , 1 , nil )
} )
2023-04-19 08:20:34 -04:00
t . Run ( "should error when not a team member" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . UnlinkUserFromTeam ( t , th . BasicUser , th . BasicTeam )
defer th . LinkUserToTeam ( t , th . BasicUser , th . BasicTeam )
2023-04-19 08:20:34 -04:00
2023-06-06 17:29:29 -04:00
_ , resp , err := th . Client . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . NewId ( ) , model . GetMillis ( ) )
2023-04-19 08:20:34 -04:00
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . SetThreadUnreadByPostId ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id , model . NewId ( ) , model . NewId ( ) )
2023-04-19 08:20:34 -04:00
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
2023-06-06 17:29:29 -04:00
resp , err = th . Client . UpdateThreadsReadForUser ( context . Background ( ) , th . BasicUser . Id , th . BasicTeam . Id )
2023-04-19 08:20:34 -04:00
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
2020-11-08 03:36:46 -05:00
}
2021-03-22 14:02:16 -04:00
2021-04-27 08:48:43 -04:00
func TestMarkThreadUnreadMentionCount ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2022-12-30 04:11:31 -05:00
2021-04-27 08:48:43 -04:00
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . ThreadAutoFollow = true
2021-07-12 14:05:36 -04:00
* cfg . ServiceSettings . CollapsedThreads = model . CollapsedThreadsDefaultOn
2021-04-27 08:48:43 -04:00
} )
2021-08-13 07:12:16 -04:00
client := th . Client
2021-04-27 08:48:43 -04:00
channel := th . BasicChannel
user := th . BasicUser
user2 := th . BasicUser2
2021-05-11 06:00:44 -04:00
appErr := th . App . JoinChannel ( th . Context , channel , user . Id )
2021-04-27 08:48:43 -04:00
require . Nil ( t , appErr )
2021-05-11 06:00:44 -04:00
appErr = th . App . JoinChannel ( th . Context , channel , user2 . Id )
2021-04-27 08:48:43 -04:00
require . Nil ( t , appErr )
2021-08-13 07:12:16 -04:00
rpost , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testMsg @" + th . BasicUser2 . Username } )
2022-04-11 12:43:14 -04:00
reply1 , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply1 @" + th . BasicUser2 . Username , RootId : rpost . Id } )
reply2 , _ := postAndCheck ( t , client , & model . Post { ChannelId : th . BasicChannel . Id , Message : "testReply2" , RootId : rpost . Id } )
2021-04-27 08:48:43 -04:00
2024-11-20 11:28:39 -05:00
_ , _ , err := th . SystemAdminClient . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser2 . Id , th . BasicTeam . Id , rpost . Id , model . GetMillis ( ) )
require . NoError ( t , err )
2021-04-27 08:48:43 -04:00
2023-06-06 17:29:29 -04:00
u , _ , _ := th . SystemAdminClient . GetUserThreads ( context . Background ( ) , th . BasicUser2 . Id , th . BasicTeam . Id , model . GetUserThreadsOpts { } )
2021-04-27 08:48:43 -04:00
require . EqualValues ( t , 0 , u . TotalUnreadMentions )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . SystemAdminClient . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser2 . Id , th . BasicTeam . Id , rpost . Id , rpost . CreateAt )
require . NoError ( t , err )
2021-04-27 08:48:43 -04:00
2023-06-06 17:29:29 -04:00
u , _ , _ = th . SystemAdminClient . GetUserThreads ( context . Background ( ) , th . BasicUser2 . Id , th . BasicTeam . Id , model . GetUserThreadsOpts { } )
2021-04-27 08:48:43 -04:00
require . EqualValues ( t , 1 , u . TotalUnreadMentions )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . SystemAdminClient . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser2 . Id , th . BasicTeam . Id , rpost . Id , reply1 . CreateAt )
require . NoError ( t , err )
2022-04-11 12:43:14 -04:00
2023-06-06 17:29:29 -04:00
u , _ , _ = th . SystemAdminClient . GetUserThreads ( context . Background ( ) , th . BasicUser2 . Id , th . BasicTeam . Id , model . GetUserThreadsOpts { } )
2022-04-11 12:43:14 -04:00
require . EqualValues ( t , 1 , u . TotalUnreadMentions )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . SystemAdminClient . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser2 . Id , th . BasicTeam . Id , rpost . Id , reply2 . CreateAt )
require . NoError ( t , err )
2021-04-27 08:48:43 -04:00
2023-06-06 17:29:29 -04:00
u , _ , _ = th . SystemAdminClient . GetUserThreads ( context . Background ( ) , th . BasicUser2 . Id , th . BasicTeam . Id , model . GetUserThreadsOpts { } )
2021-04-27 08:48:43 -04:00
require . EqualValues ( t , 0 , u . TotalUnreadMentions )
}
2021-03-22 14:02:16 -04:00
func TestPatchAndUpdateWithProviderAttributes ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2021-03-22 14:02:16 -04:00
t . Run ( "LDAP user" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := SetupEnterprise ( t ) . InitBasic ( t )
user := th . CreateUserWithAuth ( t , model . UserAuthServiceLdap )
2021-03-22 14:02:16 -04:00
ldapMock := & mocks . LdapInterface { }
ldapMock . Mock . On (
"CheckProviderAttributes" ,
2023-10-06 16:43:21 -04:00
mock . AnythingOfType ( "*request.Context" ) ,
mock . AnythingOfType ( "*model.LdapSettings" ) ,
mock . AnythingOfType ( "*model.User" ) ,
mock . AnythingOfType ( "*model.UserPatch" ) ,
2021-03-22 14:02:16 -04:00
) . Return ( "" )
2022-03-03 01:52:10 -05:00
th . App . Channels ( ) . Ldap = ldapMock
2021-03-22 14:02:16 -04:00
// CheckProviderAttributes should be called for both Patch and Update
2024-11-20 11:28:39 -05:00
_ , _ , err := th . SystemAdminClient . PatchUser ( context . Background ( ) , user . Id , & model . UserPatch { } )
require . NoError ( t , err )
2021-03-22 14:02:16 -04:00
ldapMock . AssertNumberOfCalls ( t , "CheckProviderAttributes" , 1 )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . SystemAdminClient . UpdateUser ( context . Background ( ) , user )
require . NoError ( t , err )
2021-03-22 14:02:16 -04:00
ldapMock . AssertNumberOfCalls ( t , "CheckProviderAttributes" , 2 )
} )
t . Run ( "SAML user" , func ( t * testing . T ) {
t . Run ( "with LDAP sync" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := SetupEnterprise ( t ) . InitBasic ( t )
2021-03-22 14:02:16 -04:00
th . SetupLdapConfig ( )
th . SetupSamlConfig ( )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . SamlSettings . EnableSyncWithLdap = true
} )
2025-11-12 07:00:51 -05:00
user := th . CreateUserWithAuth ( t , model . UserAuthServiceSaml )
2021-03-22 14:02:16 -04:00
ldapMock := & mocks . LdapInterface { }
ldapMock . Mock . On (
2023-10-06 16:43:21 -04:00
"CheckProviderAttributes" , mock . AnythingOfType ( "*request.Context" ) , mock . AnythingOfType ( "*model.LdapSettings" ) , mock . AnythingOfType ( "*model.User" ) , mock . AnythingOfType ( "*model.UserPatch" ) ,
2021-03-22 14:02:16 -04:00
) . Return ( "" )
2022-03-03 01:52:10 -05:00
th . App . Channels ( ) . Ldap = ldapMock
2024-11-20 11:28:39 -05:00
_ , _ , err := th . SystemAdminClient . PatchUser ( context . Background ( ) , user . Id , & model . UserPatch { } )
require . NoError ( t , err )
2021-03-22 14:02:16 -04:00
ldapMock . AssertNumberOfCalls ( t , "CheckProviderAttributes" , 1 )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . SystemAdminClient . UpdateUser ( context . Background ( ) , user )
require . NoError ( t , err )
2021-03-22 14:02:16 -04:00
ldapMock . AssertNumberOfCalls ( t , "CheckProviderAttributes" , 2 )
} )
t . Run ( "without LDAP sync" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := SetupEnterprise ( t ) . InitBasic ( t )
user := th . CreateUserWithAuth ( t , model . UserAuthServiceSaml )
2021-03-22 14:02:16 -04:00
samlMock := & mocks . SamlInterface { }
samlMock . Mock . On (
2023-10-06 16:43:21 -04:00
"CheckProviderAttributes" , mock . AnythingOfType ( "*request.Context" ) , mock . AnythingOfType ( "*model.SamlSettings" ) , mock . AnythingOfType ( "*model.User" ) , mock . AnythingOfType ( "*model.UserPatch" ) ,
2021-03-22 14:02:16 -04:00
) . Return ( "" )
2022-03-03 01:52:10 -05:00
th . App . Channels ( ) . Saml = samlMock
2024-11-20 11:28:39 -05:00
_ , _ , err := th . SystemAdminClient . PatchUser ( context . Background ( ) , user . Id , & model . UserPatch { } )
require . NoError ( t , err )
2021-03-22 14:02:16 -04:00
samlMock . AssertNumberOfCalls ( t , "CheckProviderAttributes" , 1 )
2024-11-20 11:28:39 -05:00
_ , _ , err = th . SystemAdminClient . UpdateUser ( context . Background ( ) , user )
require . NoError ( t , err )
2021-03-22 14:02:16 -04:00
samlMock . AssertNumberOfCalls ( t , "CheckProviderAttributes" , 2 )
} )
} )
t . Run ( "OpenID user" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := SetupEnterprise ( t ) . InitBasic ( t )
user := th . CreateUserWithAuth ( t , model . ServiceOpenid )
2021-03-22 14:02:16 -04:00
// OAUTH users cannot change these fields
for _ , fieldName := range [ ] string {
"FirstName" ,
"LastName" ,
} {
patch := user . ToPatch ( )
patch . SetField ( fieldName , "something new" )
2023-10-06 16:43:21 -04:00
conflictField := th . App . CheckProviderAttributes ( th . Context , user , patch )
2021-03-22 14:02:16 -04:00
require . NotEqual ( t , "" , conflictField )
}
} )
t . Run ( "Patch username" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := SetupEnterprise ( t ) . InitBasic ( t )
2021-03-22 14:02:16 -04:00
// For non-email users, the username must be changed through the provider
for _ , authService := range [ ] string {
2021-07-12 14:05:36 -04:00
model . UserAuthServiceLdap ,
model . UserAuthServiceSaml ,
model . ServiceOpenid ,
2021-03-22 14:02:16 -04:00
} {
2025-11-12 07:00:51 -05:00
user := th . CreateUserWithAuth ( t , authService )
2024-08-05 23:45:00 -04:00
patch := & model . UserPatch { Username : model . NewPointer ( "something new" ) }
2023-10-06 16:43:21 -04:00
conflictField := th . App . CheckProviderAttributes ( th . Context , user , patch )
2021-03-22 14:02:16 -04:00
require . NotEqual ( t , "" , conflictField )
}
} )
}
func TestSetProfileImageWithProviderAttributes ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2021-03-22 14:02:16 -04:00
data , err := testutils . ReadTestFile ( "test.png" )
require . NoError ( t , err )
type imageTestCase struct {
testName string
ldapAttrIsSet bool
shouldPass bool
}
doImageTest := func ( t * testing . T , th * TestHelper , user * model . User , testCase imageTestCase ) {
client := th . SystemAdminClient
t . Run ( testCase . testName , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
if testCase . ldapAttrIsSet {
* cfg . LdapSettings . PictureAttribute = "jpegPhoto"
} else {
* cfg . LdapSettings . PictureAttribute = ""
}
} )
2023-06-06 17:29:29 -04:00
resp , err2 := client . SetProfileImage ( context . Background ( ) , user . Id , data )
2021-03-22 14:02:16 -04:00
if testCase . shouldPass {
2021-08-13 07:12:16 -04:00
require . NoError ( t , err2 )
2021-03-22 14:02:16 -04:00
} else {
2021-08-13 07:12:16 -04:00
require . Error ( t , err2 )
checkHTTPStatus ( t , resp , http . StatusConflict )
2021-03-22 14:02:16 -04:00
}
} )
}
doCleanup := func ( t * testing . T , th * TestHelper , user * model . User ) {
info := & model . FileInfo { Path : "users/" + user . Id + "/profile.png" }
err = th . cleanupTestFile ( info )
2021-04-12 06:51:31 -04:00
require . NoError ( t , err )
2021-03-22 14:02:16 -04:00
}
t . Run ( "LDAP user" , func ( t * testing . T ) {
testCases := [ ] imageTestCase {
{ "profile picture attribute is set" , true , false } ,
{ "profile picture attribute is not set" , false , true } ,
}
2025-11-12 07:00:51 -05:00
th := SetupEnterprise ( t ) . InitBasic ( t )
2021-03-22 14:02:16 -04:00
th . SetupLdapConfig ( )
2025-11-12 07:00:51 -05:00
user := th . CreateUserWithAuth ( t , model . UserAuthServiceLdap )
2021-03-22 14:02:16 -04:00
for _ , testCase := range testCases {
doImageTest ( t , th , user , testCase )
}
doCleanup ( t , th , user )
} )
t . Run ( "SAML user" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := SetupEnterprise ( t ) . InitBasic ( t )
2021-03-22 14:02:16 -04:00
th . SetupLdapConfig ( )
th . SetupSamlConfig ( )
2025-11-12 07:00:51 -05:00
user := th . CreateUserWithAuth ( t , model . UserAuthServiceSaml )
2021-03-22 14:02:16 -04:00
t . Run ( "with LDAP sync" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . SamlSettings . EnableSyncWithLdap = true
} )
testCases := [ ] imageTestCase {
{ "profile picture attribute is set" , true , false } ,
{ "profile picture attribute is not set" , false , true } ,
}
for _ , testCase := range testCases {
doImageTest ( t , th , user , testCase )
}
} )
t . Run ( "without LDAP sync" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . SamlSettings . EnableSyncWithLdap = false
} )
testCases := [ ] imageTestCase {
{ "profile picture attribute is set" , true , true } ,
{ "profile picture attribute is not set" , false , true } ,
}
for _ , testCase := range testCases {
doImageTest ( t , th , user , testCase )
}
} )
doCleanup ( t , th , user )
} )
}
2022-02-03 00:58:01 -05:00
2022-02-10 15:36:14 -05:00
func TestGetUsersWithInvalidEmails ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2022-02-10 15:36:14 -05:00
client := th . SystemAdminClient
user := model . User {
Email : "ben@invalid.mattermost.com" ,
Nickname : "Ben Cooke" ,
2026-04-08 15:49:43 -04:00
Password : model . NewTestPassword ( ) ,
2022-02-10 15:36:14 -05:00
Username : GenerateTestUsername ( ) ,
Roles : model . SystemAdminRoleId + " " + model . SystemUserRoleId ,
}
2023-06-06 17:29:29 -04:00
_ , resp , err := client . CreateUser ( context . Background ( ) , & user )
2022-02-10 15:36:14 -05:00
require . NoError ( t , err )
CheckCreatedStatus ( t , resp )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . TeamSettings . EnableOpenServer = false
* cfg . TeamSettings . RestrictCreationToDomains = "localhost,simulator.amazonses.com"
} )
2023-06-06 17:29:29 -04:00
users , _ , err := client . GetUsersWithInvalidEmails ( context . Background ( ) , 0 , 50 )
2022-02-10 15:36:14 -05:00
require . NoError ( t , err )
assert . Len ( t , users , 1 )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . TeamSettings . EnableOpenServer = true
} )
2023-06-06 17:29:29 -04:00
_ , resp , err = client . GetUsersWithInvalidEmails ( context . Background ( ) , 0 , 50 )
2022-02-10 15:36:14 -05:00
require . Error ( t , err )
CheckBadRequestStatus ( t , resp )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . TeamSettings . EnableOpenServer = false
* cfg . TeamSettings . RestrictCreationToDomains = "localhost,simulator.amazonses.com,invalid.mattermost.com"
} )
2023-06-06 17:29:29 -04:00
users , _ , err = client . GetUsersWithInvalidEmails ( context . Background ( ) , 0 , 50 )
2022-02-10 15:36:14 -05:00
require . NoError ( t , err )
assert . Len ( t , users , 0 )
2023-06-06 17:29:29 -04:00
_ , resp , err = th . Client . GetUsersWithInvalidEmails ( context . Background ( ) , 0 , 50 )
2022-02-10 15:36:14 -05:00
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
}
2025-01-27 13:03:16 -05:00
2022-02-03 00:58:01 -05:00
func TestUserUpdateEvents ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2022-02-03 00:58:01 -05:00
client1 := th . CreateClient ( )
2025-11-12 07:00:51 -05:00
th . LoginBasicWithClient ( t , client1 )
2025-12-10 14:15:31 -05:00
wsClient1 := th . CreateConnectedWebSocketClientWithClient ( t , client1 )
2022-02-03 00:58:01 -05:00
client2 := th . CreateClient ( )
2025-11-12 07:00:51 -05:00
th . LoginBasic2WithClient ( t , client2 )
2025-12-10 14:15:31 -05:00
wsClient2 := th . CreateConnectedWebSocketClientWithClient ( t , client2 )
2022-02-03 00:58:01 -05:00
2025-12-10 14:15:31 -05:00
t . Run ( "nickname" , func ( t * testing . T ) {
assertUpdated := func ( t * testing . T , event * model . WebSocketEvent , expectedNickname string ) * model . User {
2022-02-03 00:58:01 -05:00
eventUser , ok := event . GetData ( ) [ "user" ] . ( * model . User )
require . True ( t , ok , "expected user" )
2025-12-10 14:15:31 -05:00
assert . Equal ( t , th . BasicUser . Id , eventUser . Id )
assert . Equal ( t , expectedNickname , eventUser . Nickname )
// Some fields must always be sanitized
CheckUserSanitization ( t , eventUser )
return eventUser
}
t . Run ( "update" , func ( t * testing . T ) {
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
newNickname := model . NewUsername ( )
th . BasicUser . Nickname = newNickname
_ , _ , err := client1 . UpdateUser ( context . Background ( ) , th . BasicUser )
require . NoError ( t , err )
assertExpectedWebsocketEvent ( t , wsClient1 , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
eventUser := assertUpdated ( t , event , newNickname )
assert . NotEmpty ( t , eventUser . NotifyProps , "source user should keep notify_props" )
} )
assertExpectedWebsocketEvent ( t , wsClient2 , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
eventUser := assertUpdated ( t , event , newNickname )
assert . Empty ( t , eventUser . NotifyProps , "non-source users should have sanitized notify_props" )
} )
} )
} )
t . Run ( "patch" , func ( t * testing . T ) {
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
newNickname := model . NewUsername ( )
_ , _ , err := client1 . PatchUser ( context . Background ( ) , th . BasicUser . Id , & model . UserPatch {
Nickname : & newNickname ,
} )
require . NoError ( t , err )
assertExpectedWebsocketEvent ( t , wsClient1 , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
eventUser := assertUpdated ( t , event , newNickname )
assert . NotEmpty ( t , eventUser . NotifyProps , "source user should keep notify_props" )
} )
assertExpectedWebsocketEvent ( t , wsClient2 , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
eventUser := assertUpdated ( t , event , newNickname )
assert . Empty ( t , eventUser . NotifyProps , "non-source users should have sanitized notify_props" )
} )
} )
2022-02-03 00:58:01 -05:00
} )
2025-12-10 14:15:31 -05:00
} )
t . Run ( "username" , func ( t * testing . T ) {
assertUpdated := func ( t * testing . T , event * model . WebSocketEvent , expectedUsername string ) * model . User {
2022-02-03 00:58:01 -05:00
eventUser , ok := event . GetData ( ) [ "user" ] . ( * model . User )
require . True ( t , ok , "expected user" )
2025-12-10 14:15:31 -05:00
assert . Equal ( t , th . BasicUser . Id , eventUser . Id )
assert . Equal ( t , expectedUsername , eventUser . Username )
// Some fields must always be sanitized
CheckUserSanitization ( t , eventUser )
return eventUser
}
t . Run ( "update" , func ( t * testing . T ) {
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
newUsername := model . NewUsername ( )
th . BasicUser . Username = newUsername
_ , _ , err := client1 . UpdateUser ( context . Background ( ) , th . BasicUser )
require . NoError ( t , err )
assertExpectedWebsocketEvent ( t , wsClient1 , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
eventUser := assertUpdated ( t , event , newUsername )
assert . NotEmpty ( t , eventUser . NotifyProps , "source user should keep notify_props" )
} )
assertExpectedWebsocketEvent ( t , wsClient2 , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
eventUser := assertUpdated ( t , event , newUsername )
assert . Empty ( t , eventUser . NotifyProps , "non-source users should have sanitized notify_props" )
} )
} )
} )
t . Run ( "patch" , func ( t * testing . T ) {
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
newUsername := model . NewUsername ( )
_ , _ , err := client1 . PatchUser ( context . Background ( ) , th . BasicUser . Id , & model . UserPatch {
Username : & newUsername ,
} )
require . NoError ( t , err )
assertExpectedWebsocketEvent ( t , wsClient1 , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
eventUser := assertUpdated ( t , event , newUsername )
assert . NotEmpty ( t , eventUser . NotifyProps , "source user should keep notify_props" )
} )
assertExpectedWebsocketEvent ( t , wsClient2 , model . WebsocketEventUserUpdated , func ( event * model . WebSocketEvent ) {
eventUser := assertUpdated ( t , event , newUsername )
assert . Empty ( t , eventUser . NotifyProps , "non-source users should have sanitized notify_props" )
} )
} )
2022-02-03 00:58:01 -05:00
} )
} )
}
2024-08-21 18:00:19 -04:00
func TestLoginWithDesktopToken ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-08-21 18:00:19 -04:00
t . Run ( "login SAML User with desktop token" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
samlUser := th . CreateUserWithAuth ( t , model . UserAuthServiceSaml )
2024-08-21 18:00:19 -04:00
token , appErr := th . App . GenerateAndSaveDesktopToken ( time . Now ( ) . Unix ( ) , samlUser )
assert . Nil ( t , appErr )
user , _ , err := th . Client . LoginWithDesktopToken ( context . Background ( ) , * token , "" )
require . NoError ( t , err )
assert . Equal ( t , samlUser . Id , user . Id )
sessions , _ , err := th . SystemAdminClient . GetSessions ( context . Background ( ) , samlUser . Id , "" )
require . NoError ( t , err )
assert . Len ( t , sessions , 1 )
assert . Equal ( t , "true" , sessions [ 0 ] . Props [ "isSaml" ] )
assert . Equal ( t , "false" , sessions [ 0 ] . Props [ "isOAuthUser" ] )
} )
t . Run ( "login OAuth User with desktop token" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
gitlabUser := th . CreateUserWithAuth ( t , model . UserAuthServiceGitlab )
2024-08-21 18:00:19 -04:00
token , appErr := th . App . GenerateAndSaveDesktopToken ( time . Now ( ) . Unix ( ) , gitlabUser )
assert . Nil ( t , appErr )
user , _ , err := th . Client . LoginWithDesktopToken ( context . Background ( ) , * token , "" )
require . NoError ( t , err )
assert . Equal ( t , gitlabUser . Id , user . Id )
sessions , _ , err := th . SystemAdminClient . GetSessions ( context . Background ( ) , gitlabUser . Id , "" )
require . NoError ( t , err )
assert . Len ( t , sessions , 1 )
assert . Equal ( t , "false" , sessions [ 0 ] . Props [ "isSaml" ] )
assert . Equal ( t , "true" , sessions [ 0 ] . Props [ "isOAuthUser" ] )
} )
t . Run ( "login email user with desktop token" , func ( t * testing . T ) {
// Sleep to avoid rate limit error
time . Sleep ( time . Second )
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-08-21 18:00:19 -04:00
token , appErr := th . App . GenerateAndSaveDesktopToken ( time . Now ( ) . Unix ( ) , user )
assert . Nil ( t , appErr )
_ , resp , err := th . Client . LoginWithDesktopToken ( context . Background ( ) , * token , "" )
require . Error ( t , err )
CheckUnauthorizedStatus ( t , resp )
} )
t . Run ( "invalid desktop token on login" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-08-21 18:00:19 -04:00
_ , appErr := th . App . GenerateAndSaveDesktopToken ( time . Now ( ) . Unix ( ) , user )
assert . Nil ( t , appErr )
invalidToken := "testinvalidToken"
token := & invalidToken
_ , _ , err := th . Client . LoginWithDesktopToken ( context . Background ( ) , * token , "" )
require . Error ( t , err )
sessions , _ , err := th . SystemAdminClient . GetSessions ( context . Background ( ) , user . Id , "" )
require . NoError ( t , err )
assert . Len ( t , sessions , 0 )
} )
}
2024-10-23 18:47:11 -04:00
2026-02-16 11:07:02 -05:00
func TestLoginSSOCodeExchangeDeprecated ( t * testing . T ) {
mainHelper . Parallel ( t )
th := SetupConfig ( t , func ( cfg * model . Config ) {
cfg . FeatureFlags . MobileSSOCodeExchange = false
} ) . InitBasic ( t )
props := map [ string ] string {
"login_code" : "test_code" ,
"code_verifier" : "test_verifier" ,
"state" : "test_state" ,
}
resp , err := th . Client . DoAPIPost ( context . Background ( ) , "/users/login/sso/code-exchange" , model . MapToJSON ( props ) )
require . Error ( t , err )
require . Equal ( t , http . StatusGone , resp . StatusCode )
assert . Equal ( t , "true" , resp . Header . Get ( "Deprecation" ) )
}
// TestLoginSSOCodeExchange tests the code-exchange endpoint when enabled via feature flag.
// Note: This endpoint is deprecated and disabled by default. These tests verify behavior
// when explicitly enabled via feature flag (for backwards compatibility during rollout).
2025-10-22 17:03:33 -04:00
func TestLoginSSOCodeExchange ( t * testing . T ) {
mainHelper . Parallel ( t )
2026-02-16 11:07:02 -05:00
th := SetupConfig ( t , func ( cfg * model . Config ) {
cfg . FeatureFlags . MobileSSOCodeExchange = true
} ) . InitBasic ( t )
2025-10-22 17:03:33 -04:00
t . Run ( "wrong token type cannot be used for code exchange" , func ( t * testing . T ) {
token := model . NewToken ( model . TokenTypeOAuth , "extra-data" )
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
defer func ( ) {
_ = th . App . Srv ( ) . Store ( ) . Token ( ) . Delete ( token . Token )
} ( )
props := map [ string ] string {
"login_code" : token . Token ,
"code_verifier" : "test_verifier" ,
"state" : "test_state" ,
}
resp , err := th . Client . DoAPIPost ( context . Background ( ) , "/users/login/sso/code-exchange" , model . MapToJSON ( props ) )
require . Error ( t , err )
require . Equal ( t , http . StatusNotFound , resp . StatusCode )
} )
t . Run ( "successful code exchange with S256 challenge" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
samlUser := th . CreateUserWithAuth ( t , model . UserAuthServiceSaml )
2025-10-22 17:03:33 -04:00
codeVerifier := "test_code_verifier_123456789"
state := "test_state_value"
sum := sha256 . Sum256 ( [ ] byte ( codeVerifier ) )
codeChallenge := base64 . RawURLEncoding . EncodeToString ( sum [ : ] )
extra := map [ string ] string {
"user_id" : samlUser . Id ,
"code_challenge" : codeChallenge ,
"code_challenge_method" : "S256" ,
"state" : state ,
}
token := model . NewToken ( model . TokenTypeSSOCodeExchange , model . MapToJSON ( extra ) )
require . NoError ( t , th . App . Srv ( ) . Store ( ) . Token ( ) . Save ( token ) )
props := map [ string ] string {
"login_code" : token . Token ,
"code_verifier" : codeVerifier ,
"state" : state ,
}
resp , err := th . Client . DoAPIPost ( context . Background ( ) , "/users/login/sso/code-exchange" , model . MapToJSON ( props ) )
require . NoError ( t , err )
require . Equal ( t , http . StatusOK , resp . StatusCode )
var result map [ string ] string
require . NoError ( t , json . NewDecoder ( resp . Body ) . Decode ( & result ) )
assert . NotEmpty ( t , result [ "token" ] )
assert . NotEmpty ( t , result [ "csrf" ] )
_ , err = th . App . Srv ( ) . Store ( ) . Token ( ) . GetByToken ( token . Token )
require . Error ( t , err )
authenticatedClient := model . NewAPIv4Client ( th . Client . URL )
authenticatedClient . SetToken ( result [ "token" ] )
user , _ , err := authenticatedClient . GetMe ( context . Background ( ) , "" )
require . NoError ( t , err )
assert . Equal ( t , samlUser . Id , user . Id )
assert . Equal ( t , samlUser . Email , user . Email )
assert . Equal ( t , samlUser . Username , user . Username )
} )
}
2024-10-23 18:47:11 -04:00
func TestGetUsersByNames ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-10-23 18:47:11 -04:00
t . Run ( "Get users by valid usernames" , func ( t * testing . T ) {
users , _ , err := th . Client . GetUsersByUsernames ( context . Background ( ) , [ ] string { th . BasicUser . Username , th . BasicUser2 . Username } )
require . NoError ( t , err )
require . ElementsMatch ( t , [ ] string { th . BasicUser . Username , th . BasicUser2 . Username } , [ ] string { users [ 0 ] . Username , users [ 1 ] . Username } )
for _ , user := range users {
CheckUserSanitization ( t , user )
}
} )
t . Run ( "Get users by invalid usernames" , func ( t * testing . T ) {
users , resp , err := th . Client . GetUsersByUsernames ( context . Background ( ) , [ ] string { "invalid1" , "invalid2" } )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Empty ( t , users )
} )
t . Run ( "Get users by mixed valid and invalid usernames" , func ( t * testing . T ) {
users , resp , err := th . Client . GetUsersByUsernames ( context . Background ( ) , [ ] string { th . BasicUser . Username , "invalid" } )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . ElementsMatch ( t , [ ] string { th . BasicUser . Username } , [ ] string { users [ 0 ] . Username } )
for _ , user := range users {
CheckUserSanitization ( t , user )
}
} )
t . Run ( "Get users by empty slice" , func ( t * testing . T ) {
_ , resp , err := th . Client . GetUsersByUsernames ( context . Background ( ) , [ ] string { } )
require . Error ( t , err )
CheckBadRequestStatus ( t , resp )
} )
t . Run ( "Get users without permissions" , func ( t * testing . T ) {
2024-11-20 11:28:39 -05:00
_ , err := th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2025-11-12 07:00:51 -05:00
defer th . LoginBasic ( t ) // Ensure the client is logged back in after the test
2024-10-23 18:47:11 -04:00
_ , resp , err := th . Client . GetUsersByUsernames ( context . Background ( ) , [ ] string { th . BasicUser . Username } )
require . Error ( t , err )
CheckUnauthorizedStatus ( t , resp )
} )
t . Run ( "Get users as system admin" , func ( t * testing . T ) {
users , resp , err := th . SystemAdminClient . GetUsersByUsernames ( context . Background ( ) , [ ] string { th . BasicUser . Username } )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . ElementsMatch ( t , [ ] string { th . BasicUser . Username } , [ ] string { users [ 0 ] . Username } )
require . Len ( t , users , 1 )
CheckUserSanitization ( t , users [ 0 ] )
} )
}
func TestGetFilteredUsersStats ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-10-23 18:47:11 -04:00
t . Run ( "Get filtered users stats as system admin" , func ( t * testing . T ) {
// Create an additional user and link them to the team
2025-11-12 07:00:51 -05:00
regularUser := th . CreateUser ( t )
th . LinkUserToTeam ( t , regularUser , th . BasicTeam )
2024-10-23 18:47:11 -04:00
options := & model . UserCountOptions {
TeamId : th . BasicTeam . Id ,
IncludeDeleted : false ,
IncludeBotAccounts : false ,
IncludeRemoteUsers : false ,
}
stats , resp , err := th . SystemAdminClient . GetFilteredUsersStats ( context . Background ( ) , options )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . NotNil ( t , stats )
// We expect 4 users: BasicUser, BasicUser2, the newly created regularUser, and possibly a system admin or other pre-existing user
expectedCount := int64 ( 4 )
assert . Equal ( t , expectedCount , stats . TotalUsersCount , "Unexpected user count" )
} )
t . Run ( "Get filtered users stats as regular user" , func ( t * testing . T ) {
options := & model . UserCountOptions {
TeamId : th . BasicTeam . Id ,
IncludeDeleted : false ,
IncludeBotAccounts : false ,
IncludeRemoteUsers : false ,
}
_ , resp , err := th . Client . GetFilteredUsersStats ( context . Background ( ) , options )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "Get filtered users stats with invalid team id" , func ( t * testing . T ) {
options := & model . UserCountOptions {
TeamId : "invalid_team_id" ,
IncludeDeleted : false ,
IncludeBotAccounts : false ,
IncludeRemoteUsers : false ,
}
stats , resp , err := th . SystemAdminClient . GetFilteredUsersStats ( context . Background ( ) , options )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . NotNil ( t , stats )
// The server seems to return stats even with an invalid team ID
// We should check that the returned stats make sense in this context
require . Equal ( t , int64 ( 0 ) , stats . TotalUsersCount , "Expected 0 users for an invalid team ID" )
} )
t . Run ( "Get filtered users stats with roles" , func ( t * testing . T ) {
options := model . UserCountOptions {
TeamId : th . BasicTeam . Id ,
IncludeDeleted : false ,
IncludeBotAccounts : false ,
IncludeRemoteUsers : false ,
Roles : [ ] string { model . SystemUserRoleId } ,
}
// Get the actual count from the server
actualCount , err := th . App . Srv ( ) . Store ( ) . User ( ) . Count ( options )
require . NoError ( t , err )
// Get the count from the client
stats , resp , err := th . SystemAdminClient . GetFilteredUsersStats ( context . Background ( ) , & options )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . NotNil ( t , stats )
// Compare the counts
assert . Equal ( t , actualCount , stats . TotalUsersCount , "Client-side count should match server-side count" )
assert . True ( t , stats . TotalUsersCount > 0 , "There should be at least one user" )
} )
t . Run ( "Get filtered users stats with team roles" , func ( t * testing . T ) {
options := model . UserCountOptions {
TeamId : th . BasicTeam . Id ,
IncludeDeleted : false ,
IncludeBotAccounts : false ,
IncludeRemoteUsers : false ,
TeamRoles : [ ] string { model . TeamUserRoleId } ,
}
// Get the actual count from the server
actualCount , err := th . App . Srv ( ) . Store ( ) . User ( ) . Count ( options )
require . NoError ( t , err )
// Get the count from the client
stats , resp , err := th . SystemAdminClient . GetFilteredUsersStats ( context . Background ( ) , & options )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . NotNil ( t , stats )
// Compare the counts
assert . Equal ( t , actualCount , stats . TotalUsersCount , "Client-side count should match server-side count" )
assert . True ( t , stats . TotalUsersCount > 0 , "There should be at least one user with the specified team role" )
} )
}
func TestGetDefaultProfileImage ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-10-23 18:47:11 -04:00
t . Run ( "Get default profile image for existing user" , func ( t * testing . T ) {
user := th . BasicUser
img , resp , err := th . Client . GetDefaultProfileImage ( context . Background ( ) , user . Id )
require . NoError ( t , err )
require . NotNil ( t , img )
require . Equal ( t , http . StatusOK , resp . StatusCode )
// Check if the image is a valid PNG
_ , err = png . Decode ( bytes . NewReader ( img ) )
require . NoError ( t , err , "Image should be a valid PNG" )
} )
t . Run ( "Get default profile image for non-existent user" , func ( t * testing . T ) {
nonExistentUserId := model . NewId ( )
_ , resp , err := th . Client . GetDefaultProfileImage ( context . Background ( ) , nonExistentUserId )
require . Error ( t , err )
CheckNotFoundStatus ( t , resp )
} )
t . Run ( "Get default profile image without proper permissions" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-10-23 18:47:11 -04:00
2024-11-20 11:28:39 -05:00
_ , err := th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2024-10-23 18:47:11 -04:00
_ , resp , err := th . Client . GetDefaultProfileImage ( context . Background ( ) , user . Id )
require . Error ( t , err )
CheckUnauthorizedStatus ( t , resp )
} )
t . Run ( "Get default profile image as system admin" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-10-23 18:47:11 -04:00
img , resp , err := th . SystemAdminClient . GetDefaultProfileImage ( context . Background ( ) , user . Id )
require . NoError ( t , err )
require . NotNil ( t , img )
require . Equal ( t , http . StatusOK , resp . StatusCode )
_ , err = png . Decode ( bytes . NewReader ( img ) )
require . NoError ( t , err , "Image should be a valid PNG" )
} )
t . Run ( "Consistent default image for the same user" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2024-10-23 18:47:11 -04:00
// Login as the newly created user
2024-11-20 11:28:39 -05:00
_ , _ , err := th . Client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2024-10-23 18:47:11 -04:00
img1 , resp , err := th . Client . GetDefaultProfileImage ( context . Background ( ) , user . Id )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
img2 , resp , err := th . Client . GetDefaultProfileImage ( context . Background ( ) , user . Id )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , img1 , img2 , "Default profile images should be consistent for the same user" )
// Logout after the test
2024-11-20 11:28:39 -05:00
_ , err = th . Client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2024-10-23 18:47:11 -04:00
} )
}
func TestGetUserThread ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-10-23 18:47:11 -04:00
client := th . Client
user := th . BasicUser
team := th . BasicTeam
t . Run ( "get thread for user" , func ( t * testing . T ) {
// Create a post
post , _ , err := client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message" ,
} )
require . NoError ( t , err )
// Create a reply to ensure thread membership
_ , _ , err = client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
RootId : post . Id ,
Message : "Reply" ,
} )
require . NoError ( t , err )
// Get the thread
thread , resp , err := client . GetUserThread ( context . Background ( ) , user . Id , team . Id , post . Id , false )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . NotNil ( t , thread )
require . Equal ( t , post . Id , thread . PostId )
require . Equal ( t , int64 ( 1 ) , thread . ReplyCount )
} )
t . Run ( "get thread for user with extended info" , func ( t * testing . T ) {
post , _ , err := client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message for extended info" ,
} )
require . NoError ( t , err )
// Create a reply to ensure thread membership
_ , _ , err = client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
RootId : post . Id ,
Message : "Reply for extended info" ,
} )
require . NoError ( t , err )
thread , resp , err := client . GetUserThread ( context . Background ( ) , user . Id , team . Id , post . Id , true )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . NotNil ( t , thread )
require . NotNil ( t , thread . Participants )
} )
t . Run ( "get thread for non-existent post" , func ( t * testing . T ) {
_ , resp , err := client . GetUserThread ( context . Background ( ) , user . Id , team . Id , model . NewId ( ) , false )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "get thread without permissions" , func ( t * testing . T ) {
post , _ , err := client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message for permissions test" ,
} )
require . NoError ( t , err )
// Log out
2024-11-20 11:28:39 -05:00
_ , err = client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2024-10-23 18:47:11 -04:00
_ , resp , err := client . GetUserThread ( context . Background ( ) , user . Id , team . Id , post . Id , false )
require . Error ( t , err )
CheckUnauthorizedStatus ( t , resp )
} )
t . Run ( "get thread for different user" , func ( t * testing . T ) {
// Log back in
2024-11-20 11:28:39 -05:00
_ , _ , err := client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2024-10-23 18:47:11 -04:00
post , _ , err := client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message for different user test" ,
} )
require . NoError ( t , err )
// Try to get thread for a different user
_ , resp , err := client . GetUserThread ( context . Background ( ) , th . BasicUser2 . Id , team . Id , post . Id , false )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "get thread as system admin" , func ( t * testing . T ) {
// Create a post as the system admin
post , _ , err := th . SystemAdminClient . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message for system admin test" ,
} )
require . NoError ( t , err )
// Have the basic user reply to the post to create a thread membership
_ , _ , err = client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
RootId : post . Id ,
Message : "Reply from basic user" ,
} )
require . NoError ( t , err )
// Now try to get the thread as the system admin
thread , resp , err := th . SystemAdminClient . GetUserThread ( context . Background ( ) , user . Id , team . Id , post . Id , false )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . NotNil ( t , thread )
require . Equal ( t , post . Id , thread . PostId )
require . Equal ( t , int64 ( 1 ) , thread . ReplyCount )
} )
}
func TestUpdateReadStateThreadByUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-10-23 18:47:11 -04:00
client := th . Client
user := th . BasicUser
team := th . BasicTeam
t . Run ( "update read state for thread" , func ( t * testing . T ) {
// Create a post
post , _ , err := client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message" ,
} )
require . NoError ( t , err )
// Create a reply to ensure thread membership
_ , _ , err = client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
RootId : post . Id ,
Message : "Reply" ,
} )
require . NoError ( t , err )
// Update read state for the thread
timestamp := model . GetMillis ( )
thread , resp , err := client . UpdateThreadReadForUser ( context . Background ( ) , user . Id , team . Id , post . Id , timestamp )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . NotNil ( t , thread )
require . Equal ( t , post . Id , thread . PostId )
require . Equal ( t , timestamp , thread . LastViewedAt )
} )
t . Run ( "update read state for non-existent thread" , func ( t * testing . T ) {
// Attempting to update read state for a non-existent thread results in a Forbidden error
// This is likely because the user doesn't have permission to access the non-existent thread
nonExistentPostId := model . NewId ( )
_ , resp , err := client . UpdateThreadReadForUser ( context . Background ( ) , user . Id , team . Id , nonExistentPostId , model . GetMillis ( ) )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "update read state without permissions" , func ( t * testing . T ) {
// Create a post
post , _ , err := client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message for permissions test" ,
} )
require . NoError ( t , err )
// Log out
2024-11-20 11:28:39 -05:00
_ , err = client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2024-10-23 18:47:11 -04:00
_ , resp , err := client . UpdateThreadReadForUser ( context . Background ( ) , user . Id , team . Id , post . Id , model . GetMillis ( ) )
require . Error ( t , err )
CheckUnauthorizedStatus ( t , resp )
} )
t . Run ( "update read state for different user" , func ( t * testing . T ) {
// Log back in
2024-11-20 11:28:39 -05:00
_ , _ , err := client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2024-10-23 18:47:11 -04:00
post , _ , err := client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message for different user test" ,
} )
require . NoError ( t , err )
// Try to update read state for a different user
_ , resp , err := client . UpdateThreadReadForUser ( context . Background ( ) , th . BasicUser2 . Id , team . Id , post . Id , model . GetMillis ( ) )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
}
func TestSetUnreadThreadByPostId ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-10-23 18:47:11 -04:00
client := th . Client
user := th . BasicUser
team := th . BasicTeam
t . Run ( "set unread state for thread" , func ( t * testing . T ) {
// Create a post
post , _ , err := client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message" ,
} )
require . NoError ( t , err )
// Create a reply to ensure thread membership
reply , _ , err := client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
RootId : post . Id ,
Message : "Reply" ,
} )
require . NoError ( t , err )
// Set unread state for the thread
thread , resp , err := client . SetThreadUnreadByPostId ( context . Background ( ) , user . Id , team . Id , post . Id , reply . Id )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . NotNil ( t , thread )
require . Equal ( t , post . Id , thread . PostId )
// Check that LastReplyAt matches the creation time of the last reply
require . Equal ( t , reply . CreateAt , thread . LastReplyAt , "LastReplyAt should match the creation time of the last reply" )
// Check if the thread is marked as unread
require . True ( t , thread . UnreadReplies > 0 , "Thread should have unread replies" )
// Check that UnreadMentions is 0 (assuming the reply didn't mention the user)
require . Equal ( t , int64 ( 0 ) , thread . UnreadMentions , "UnreadMentions should be 0 if the reply didn't mention the user" )
} )
t . Run ( "set unread state for non-existent thread" , func ( t * testing . T ) {
nonExistentPostId := model . NewId ( )
_ , resp , err := client . SetThreadUnreadByPostId ( context . Background ( ) , user . Id , team . Id , nonExistentPostId , nonExistentPostId )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "set unread state without permissions" , func ( t * testing . T ) {
// Create a post
post , _ , err := client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message for permissions test" ,
} )
require . NoError ( t , err )
// Log out
2024-11-20 11:28:39 -05:00
_ , err = client . Logout ( context . Background ( ) )
require . NoError ( t , err )
2024-10-23 18:47:11 -04:00
_ , resp , err := client . SetThreadUnreadByPostId ( context . Background ( ) , user . Id , team . Id , post . Id , post . Id )
require . Error ( t , err )
CheckUnauthorizedStatus ( t , resp )
} )
t . Run ( "set unread state for different user" , func ( t * testing . T ) {
// Log back in
2024-11-20 11:28:39 -05:00
_ , _ , err := client . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
2024-10-23 18:47:11 -04:00
post , _ , err := client . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message for different user test" ,
} )
require . NoError ( t , err )
// Try to set unread state for a different user
_ , resp , err := client . SetThreadUnreadByPostId ( context . Background ( ) , th . BasicUser2 . Id , team . Id , post . Id , post . Id )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
t . Run ( "set unread state as system admin" , func ( t * testing . T ) {
post , _ , err := th . SystemAdminClient . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
Message : "Root message for system admin test" ,
} )
require . NoError ( t , err )
reply , _ , err := th . SystemAdminClient . CreatePost ( context . Background ( ) , & model . Post {
ChannelId : th . BasicChannel . Id ,
RootId : post . Id ,
Message : "Reply for system admin test" ,
} )
require . NoError ( t , err )
thread , resp , err := th . SystemAdminClient . SetThreadUnreadByPostId ( context . Background ( ) , user . Id , team . Id , post . Id , reply . Id )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . NotNil ( t , thread )
require . Equal ( t , post . Id , thread . PostId )
// Check that LastReplyAt is a recent timestamp
require . Greater ( t , thread . LastReplyAt , int64 ( 0 ) )
require . LessOrEqual ( t , thread . LastReplyAt , model . GetMillis ( ) )
// Check if the thread is marked as unread
require . True ( t , thread . UnreadReplies > 0 , "Thread should have unread replies" )
require . InDelta ( t , model . GetMillis ( ) , thread . LastReplyAt , float64 ( 5000 ) , "LastReplyAt should be within 5 seconds of current time" )
} )
}
func TestRevokeAllSessionsForUser ( t * testing . T ) {
2025-05-30 07:58:26 -04:00
mainHelper . Parallel ( t )
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2024-10-23 18:47:11 -04:00
user := th . BasicUser
user2 := th . BasicUser2 // Additional user for permission testing
// Create multiple sessions for the primary user
client1 := th . CreateClient ( )
_ , _ , err := client1 . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
client2 := th . CreateClient ( )
_ , _ , err = client2 . Login ( context . Background ( ) , user . Email , user . Password )
require . NoError ( t , err )
// Create a session for the second user (non-admin)
nonAdminClient := th . CreateClient ( )
_ , _ , err = nonAdminClient . Login ( context . Background ( ) , user2 . Email , user2 . Password )
require . NoError ( t , err )
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
resp , err := th . SystemAdminClient . RevokeAllSessions ( context . Background ( ) , user . Id )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
// Use SystemAdminClient to verify that all sessions are revoked
sessions , _ , err := th . SystemAdminClient . GetSessions ( context . Background ( ) , user . Id , "" )
require . NoError ( t , err )
require . Empty ( t , sessions , "All sessions should be revoked" )
} , "Revoke all sessions as admin and local" )
th . TestForSystemAdminAndLocal ( t , func ( t * testing . T , client * model . Client4 ) {
fakeUserId := "invalid_user_id"
resp , err := client . RevokeAllSessions ( context . Background ( ) , fakeUserId )
require . Error ( t , err )
CheckNotFoundStatus ( t , resp )
} , "Revoke all sessions for non-existent user" )
t . Run ( "Revoke all sessions without permissions" , func ( t * testing . T ) {
// Attempt to revoke sessions of the primary user using a non-admin client
resp , err := nonAdminClient . RevokeAllSessions ( context . Background ( ) , user . Id )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
} )
}
2025-01-27 13:03:16 -05:00
2025-03-12 18:22:03 -04:00
func TestResetPasswordFailedAttempts ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := SetupEnterprise ( t ) . InitBasic ( t )
2025-03-12 18:22:03 -04:00
th . SetupLdapConfig ( )
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( "ldap" ) )
2026-04-08 15:49:43 -04:00
wrongPassword := model . NewTestPassword ( )
2025-03-12 18:22:03 -04:00
t . Run ( "Reset password failed attempts for regular user" , func ( t * testing . T ) {
client := th . CreateClient ( )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . MaximumLoginAttempts = 10
} )
maxAttempts := th . App . Config ( ) . ServiceSettings . MaximumLoginAttempts
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2025-03-12 18:22:03 -04:00
for i := 0 ; i < * maxAttempts ; i ++ {
2026-04-08 15:49:43 -04:00
_ , _ , err := client . Login ( context . Background ( ) , user . Email , wrongPassword )
2025-03-12 18:22:03 -04:00
require . Error ( t , err )
}
user , resp , err := th . SystemAdminClient . GetUser ( context . Background ( ) , user . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , * maxAttempts , user . FailedAttempts )
resp , err = th . SystemAdminClient . ResetFailedAttempts ( context . Background ( ) , user . Id )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
user , resp , err = th . SystemAdminClient . GetUser ( context . Background ( ) , user . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , int ( 0 ) , user . FailedAttempts )
} )
t . Run ( "Reset password failed attempts for ldap user" , func ( t * testing . T ) {
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . LdapSettings . MaximumLoginAttempts = 5
} )
mockCtrl := gomock . NewController ( t )
defer mockCtrl . Finish ( )
mockLdap := & mocks . LdapInterface { }
username := GenerateTestUsername ( )
ldapUser := & model . User {
Email : "foobar+testdomainrestriction@mattermost.org" ,
Username : username ,
AuthService : "ldap" ,
AuthData : & username ,
EmailVerified : true ,
}
ldapUser , appErr := th . App . CreateUser ( th . Context , ldapUser )
require . Nil ( t , appErr )
client := th . CreateClient ( )
mockLdap . Mock . On ( "GetUser" , mock . AnythingOfType ( "*request.Context" ) , mock . AnythingOfType ( "string" ) ) . Return ( ldapUser , nil ) . Times ( 5 )
th . App . Channels ( ) . Ldap = mockLdap
2025-07-18 06:54:51 -04:00
for i := range 5 {
2025-03-12 18:22:03 -04:00
mockedLdapUser := ldapUser
mockedLdapUser . FailedAttempts = i
mockLdap . Mock . On ( "DoLogin" , mock . AnythingOfType ( "*request.Context" ) , mock . AnythingOfType ( "string" ) , mock . AnythingOfType ( "string" ) ) . Return ( mockedLdapUser , & model . AppError { Id : "ent.ldap.do_login.invalid_password.app_error" } )
_ , _ , err := client . LoginByLdap ( context . Background ( ) , * ldapUser . AuthData , "wrongpassword" )
require . Error ( t , err )
}
user , resp , err := th . SystemAdminClient . GetUser ( context . Background ( ) , ldapUser . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , int ( 5 ) , user . FailedAttempts )
resp , err = th . SystemAdminClient . ResetFailedAttempts ( context . Background ( ) , ldapUser . Id )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
user , resp , err = th . SystemAdminClient . GetUser ( context . Background ( ) , ldapUser . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , int ( 0 ) , user . FailedAttempts )
} )
t . Run ( "Regular user unable to reset failed attempts" , func ( t * testing . T ) {
client := th . CreateClient ( )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . MaximumLoginAttempts = 10
} )
maxAttempts := th . App . Config ( ) . ServiceSettings . MaximumLoginAttempts
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2025-03-12 18:22:03 -04:00
for i := 0 ; i < * maxAttempts ; i ++ {
2026-04-08 15:49:43 -04:00
_ , _ , err := client . Login ( context . Background ( ) , user . Email , wrongPassword )
2025-03-12 18:22:03 -04:00
require . Error ( t , err )
}
user , resp , err := th . SystemAdminClient . GetUser ( context . Background ( ) , user . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , * maxAttempts , user . FailedAttempts )
resp , err = th . Client . ResetFailedAttempts ( context . Background ( ) , user . Id )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
user , resp , err = th . SystemAdminClient . GetUser ( context . Background ( ) , user . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , * maxAttempts , user . FailedAttempts )
} )
t . Run ( "Reset password failed attempts when user has PermissionSysconsoleWriteUserManagementUsers" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionSysconsoleWriteUserManagementUsers . Id , model . SystemUserRoleId )
defer th . RemovePermissionFromRole ( t , model . PermissionSysconsoleWriteUserManagementUsers . Id , model . SystemUserRoleId )
2025-03-12 18:22:03 -04:00
client := th . CreateClient ( )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . MaximumLoginAttempts = 10
} )
maxAttempts := th . App . Config ( ) . ServiceSettings . MaximumLoginAttempts
2025-11-12 07:00:51 -05:00
user := th . CreateUser ( t )
2025-03-12 18:22:03 -04:00
for i := 0 ; i < * maxAttempts ; i ++ {
2026-04-08 15:49:43 -04:00
_ , _ , err := client . Login ( context . Background ( ) , user . Email , wrongPassword )
2025-03-12 18:22:03 -04:00
require . Error ( t , err )
}
fetchedUser , resp , err := th . SystemAdminClient . GetUser ( context . Background ( ) , user . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , * maxAttempts , fetchedUser . FailedAttempts )
resp , err = th . Client . ResetFailedAttempts ( context . Background ( ) , user . Id )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
fetchedUser , resp , err = th . SystemAdminClient . GetUser ( context . Background ( ) , user . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , int ( 0 ) , fetchedUser . FailedAttempts )
} )
t . Run ( "Unable to reset password failed attempts for sysadmin when user has PermissionSysconsoleWriteUserManagementUsers" , func ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th . AddPermissionToRole ( t , model . PermissionSysconsoleWriteUserManagementUsers . Id , model . SystemUserRoleId )
defer th . RemovePermissionFromRole ( t , model . PermissionSysconsoleWriteUserManagementUsers . Id , model . SystemUserRoleId )
2025-03-12 18:22:03 -04:00
client := th . CreateClient ( )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . MaximumLoginAttempts = 10
} )
maxAttempts := th . App . Config ( ) . ServiceSettings . MaximumLoginAttempts
// create sysadmin user
2025-11-12 07:00:51 -05:00
sysadmin := th . CreateUser ( t )
2025-03-12 18:22:03 -04:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , sysadmin . Id , model . SystemUserRoleId + " " + model . SystemAdminRoleId , false )
require . Nil ( t , appErr )
for i := 0 ; i < * maxAttempts ; i ++ {
2026-04-08 15:49:43 -04:00
_ , _ , err := client . Login ( context . Background ( ) , sysadmin . Email , wrongPassword )
2025-03-12 18:22:03 -04:00
require . Error ( t , err )
}
sysadminUser , resp , err := th . SystemAdminClient . GetUser ( context . Background ( ) , sysadmin . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , * maxAttempts , sysadminUser . FailedAttempts )
resp , err = th . Client . ResetFailedAttempts ( context . Background ( ) , sysadminUser . Id )
require . Error ( t , err )
CheckForbiddenStatus ( t , resp )
sysadminUser , resp , err = th . SystemAdminClient . GetUser ( context . Background ( ) , sysadminUser . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , int ( 10 ) , sysadminUser . FailedAttempts )
} )
t . Run ( "Reset password failed attempts for sysadmin" , func ( t * testing . T ) {
client := th . CreateClient ( )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . MaximumLoginAttempts = 10
} )
maxAttempts := th . App . Config ( ) . ServiceSettings . MaximumLoginAttempts
2025-11-12 07:00:51 -05:00
sysadmin := th . CreateUser ( t )
2025-03-12 18:22:03 -04:00
_ , appErr := th . App . UpdateUserRoles ( th . Context , sysadmin . Id , model . SystemUserRoleId + " " + model . SystemAdminRoleId , false )
require . Nil ( t , appErr )
for i := 0 ; i < * maxAttempts ; i ++ {
2026-04-08 15:49:43 -04:00
_ , _ , err := client . Login ( context . Background ( ) , sysadmin . Email , wrongPassword )
2025-03-12 18:22:03 -04:00
require . Error ( t , err )
}
sysadminUser , resp , err := th . SystemAdminClient . GetUser ( context . Background ( ) , sysadmin . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , * maxAttempts , sysadminUser . FailedAttempts )
resp , err = th . SystemAdminClient . ResetFailedAttempts ( context . Background ( ) , sysadminUser . Id )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
sysadminUser , resp , err = th . SystemAdminClient . GetUser ( context . Background ( ) , sysadminUser . Id , "" )
require . NoError ( t , err )
CheckOKStatus ( t , resp )
require . Equal ( t , int ( 0 ) , sysadminUser . FailedAttempts )
} )
}
MM-63240: Always allow viewing archived channels (#32162)
* server: allow access to channel bookmarks in an archived channel
* server: allow access to posts in archived channels
* server: allow accessing channel members for archived channels
* server: allow autocompleting/searching archived channels
* server: allow access to files from archived channels
* server: fix access issue on database error
* server: allow access to archived channels
* server: remove TeamSettings.ExperimentalViewArchivedChannels from telemetry
* server: remove ExperimentalViewArchivedChannels from client config
* webapp: simplify delete channel
* webapp: simplify channel settings modal
* webapp: do not redirect away from archived channel
* webapp: rhs, always search posts from archived channels
* webapp: switch channels, always support archived channels
* webapp: search channel provider, always support archived channels
* webapp: browse channels, always support archived channels
* webapp, search results? fixup?
* webapp, confusing type issue
* webapp: unarchive, no need to report view archived
* webapp: command test, no need for ExperimentalViewArchivedChannels in config
* webapp: remove ExperimentalViewArchivedChannels from system console
* webapp: redux, do not delete posts, also fix LEAVE_CHANNEL
* update e2e tests
* server: fail startup if ExperimentalViewArchivedChannels is not enabled
* extract i18n
* updated snapshots
* update tests
* simplify posts reducer
* updated tests
* additional e2e tests
* Fix locale consistency in Jest tests
Added consistent locale environment variables (LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8)
to all Jest test scripts to prevent locale-dependent date formatting differences
across development environments.
This resolves snapshot test failures where DateTime.toLocaleString() would produce
different date formats on different systems (e.g., "6/8/2025" vs "08/06/2025" vs "2025-06-08").
Updated test scripts:
- test, test:watch, test:updatesnapshot, test:debug, test-ci
Updated snapshot to consistent en_US format.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Remove includeArchivedChannels parameter from GetMemberForPost
* Remove unnecessary includeDeleted variable assignments
* Deprecate ExperimentalViewArchivedChannels config field
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
2025-08-15 12:50:20 -04:00
2025-01-27 13:03:16 -05:00
func TestSearchUsersWithMfaEnforced ( t * testing . T ) {
2025-11-12 07:00:51 -05:00
th := Setup ( t ) . InitBasic ( t )
2025-01-27 13:03:16 -05:00
th . App . Srv ( ) . SetLicense ( model . NewTestLicense ( "mfa" ) )
th . App . UpdateConfig ( func ( cfg * model . Config ) {
* cfg . ServiceSettings . EnableMultifactorAuthentication = true
* cfg . ServiceSettings . EnforceMultifactorAuthentication = true
} )
t . Run ( "user with MFA active can search users" , func ( t * testing . T ) {
userWithMFAOK := th . BasicUser
secret , appErr := th . App . GenerateMfaSecret ( userWithMFAOK . Id )
assert . Nil ( t , appErr )
// Fake user has MFA enabled
err := th . Server . Store ( ) . User ( ) . UpdateMfaActive ( userWithMFAOK . Id , true )
require . NoError ( t , err )
err = th . Server . Store ( ) . User ( ) . UpdateMfaSecret ( userWithMFAOK . Id , secret . Secret )
require . NoError ( t , err )
code := dgoogauth . ComputeCode ( secret . Secret , time . Now ( ) . UTC ( ) . Unix ( ) / 30 )
client := th . CreateClient ( )
user , _ , err := client . LoginWithMFA ( context . Background ( ) , th . BasicUser . Email , th . BasicUser . Password , fmt . Sprintf ( "%06d" , code ) )
require . NoError ( t , err )
assert . NotNil ( t , user )
_ , _ , err = client . SearchUsers ( context . Background ( ) , & model . UserSearch {
Term : "user" ,
} )
require . NoError ( t , err )
} )
t . Run ( "user with MFA not active can't search users" , func ( t * testing . T ) {
userWithMFANotOk := th . BasicUser2
err := th . Server . Store ( ) . User ( ) . UpdateMfaActive ( userWithMFANotOk . Id , false )
require . NoError ( t , err )
client := th . CreateClient ( )
_ , _ , err = client . Login ( context . Background ( ) , userWithMFANotOk . Email , userWithMFANotOk . Password )
require . NoError ( t , err )
_ , resp , err := client . SearchUsers ( context . Background ( ) , & model . UserSearch {
Term : "user" ,
} )
CheckErrorID ( t , err , "api.context.mfa_required.app_error" )
CheckForbiddenStatus ( t , resp )
} )
}
