Unverified Commit 1f6c271b authored by Joram Wilander's avatar Joram Wilander Committed by GitHub

MM-8708 Remove api package (#8784)

* Remove api package

* Remove api dependency from cmd package

* Remove EnableAPIv3 setting

* Update web tests

* Add more websocket tests

* Move some ws and oauth tests to api4 package

* Move command tests into api4 package

* Test fixes

* Fix msg command test

* Add some app file tests
parent 02f8c18f
......@@ -496,8 +496,6 @@ clean: stop-docker ## Clean up everything except persistant server data.
rm -f mattermost.log
rm -f mattermost.log.jsonl
rm -f npm-debug.log
rm -f api/mattermost.log
rm -f api/mattermost.log.jsonl
rm -f .prepare-go
rm -f enterprise
rm -f cover.out
......
// Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.
package api
import (
"net/http"
"strconv"
"github.com/avct/uasurfer"
"github.com/gorilla/mux"
"github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
)
func (api *API) InitAdmin() {
api.BaseRoutes.Admin.Handle("/logs", api.ApiAdminSystemRequired(getLogs)).Methods("GET")
api.BaseRoutes.Admin.Handle("/audits", api.ApiAdminSystemRequired(getAllAudits)).Methods("GET")
api.BaseRoutes.Admin.Handle("/config", api.ApiAdminSystemRequired(getConfig)).Methods("GET")
api.BaseRoutes.Admin.Handle("/save_config", api.ApiAdminSystemRequired(saveConfig)).Methods("POST")
api.BaseRoutes.Admin.Handle("/reload_config", api.ApiAdminSystemRequired(reloadConfig)).Methods("GET")
api.BaseRoutes.Admin.Handle("/invalidate_all_caches", api.ApiAdminSystemRequired(invalidateAllCaches)).Methods("GET")
api.BaseRoutes.Admin.Handle("/test_email", api.ApiAdminSystemRequired(testEmail)).Methods("POST")
api.BaseRoutes.Admin.Handle("/recycle_db_conn", api.ApiAdminSystemRequired(recycleDatabaseConnection)).Methods("GET")
api.BaseRoutes.Admin.Handle("/analytics/{id:[A-Za-z0-9]+}/{name:[A-Za-z0-9_]+}", api.ApiAdminSystemRequired(getAnalytics)).Methods("GET")
api.BaseRoutes.Admin.Handle("/analytics/{name:[A-Za-z0-9_]+}", api.ApiAdminSystemRequired(getAnalytics)).Methods("GET")
api.BaseRoutes.Admin.Handle("/save_compliance_report", api.ApiAdminSystemRequired(saveComplianceReport)).Methods("POST")
api.BaseRoutes.Admin.Handle("/compliance_reports", api.ApiAdminSystemRequired(getComplianceReports)).Methods("GET")
api.BaseRoutes.Admin.Handle("/download_compliance_report/{id:[A-Za-z0-9]+}", api.ApiAdminSystemRequiredTrustRequester(downloadComplianceReport)).Methods("GET")
api.BaseRoutes.Admin.Handle("/upload_brand_image", api.ApiAdminSystemRequired(uploadBrandImage)).Methods("POST")
api.BaseRoutes.Admin.Handle("/get_brand_image", api.ApiAppHandlerTrustRequester(getBrandImage)).Methods("GET")
api.BaseRoutes.Admin.Handle("/reset_mfa", api.ApiAdminSystemRequired(adminResetMfa)).Methods("POST")
api.BaseRoutes.Admin.Handle("/reset_password", api.ApiAdminSystemRequired(adminResetPassword)).Methods("POST")
api.BaseRoutes.Admin.Handle("/ldap_sync_now", api.ApiAdminSystemRequired(ldapSyncNow)).Methods("POST")
api.BaseRoutes.Admin.Handle("/ldap_test", api.ApiAdminSystemRequired(ldapTest)).Methods("POST")
api.BaseRoutes.Admin.Handle("/saml_metadata", api.ApiAppHandler(samlMetadata)).Methods("GET")
api.BaseRoutes.Admin.Handle("/add_certificate", api.ApiAdminSystemRequired(addCertificate)).Methods("POST")
api.BaseRoutes.Admin.Handle("/remove_certificate", api.ApiAdminSystemRequired(removeCertificate)).Methods("POST")
api.BaseRoutes.Admin.Handle("/saml_cert_status", api.ApiAdminSystemRequired(samlCertificateStatus)).Methods("GET")
api.BaseRoutes.Admin.Handle("/cluster_status", api.ApiAdminSystemRequired(getClusterStatus)).Methods("GET")
api.BaseRoutes.Admin.Handle("/recently_active_users/{team_id:[A-Za-z0-9]+}", api.ApiUserRequired(getRecentlyActiveUsers)).Methods("GET")
}
func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
lines, err := c.App.GetLogs(0, 10000)
if err != nil {
c.Err = err
return
}
w.Write([]byte(model.ArrayToJson(lines)))
}
func getClusterStatus(c *Context, w http.ResponseWriter, r *http.Request) {
infos := c.App.GetClusterStatus()
if c.App.Cluster != nil {
w.Header().Set(model.HEADER_CLUSTER_ID, c.App.Cluster.GetClusterId())
}
w.Write([]byte(model.ClusterInfosToJson(infos)))
}
func getAllAudits(c *Context, w http.ResponseWriter, r *http.Request) {
if audits, err := c.App.GetAudits("", 200); err != nil {
c.Err = err
return
} else if c.HandleEtag(audits.Etag(), "Get All Audits", w, r) {
return
} else {
etag := audits.Etag()
if len(etag) > 0 {
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
}
w.Write([]byte(audits.ToJson()))
return
}
}
func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
cfg := c.App.GetConfig()
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
w.Write([]byte(cfg.ToJson()))
}
func reloadConfig(c *Context, w http.ResponseWriter, r *http.Request) {
c.App.ReloadConfig()
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
ReturnStatusOK(w)
}
func invalidateAllCaches(c *Context, w http.ResponseWriter, r *http.Request) {
err := c.App.InvalidateAllCaches()
if err != nil {
c.Err = err
return
}
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
ReturnStatusOK(w)
}
func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
cfg := model.ConfigFromJson(r.Body)
if cfg == nil {
c.SetInvalidParam("saveConfig", "config")
return
}
// Do not allow plugin uploads to be toggled through the API
cfg.PluginSettings.EnableUploads = c.App.GetConfig().PluginSettings.EnableUploads
err := c.App.SaveConfig(cfg, true)
if err != nil {
c.Err = err
return
}
c.LogAudit("")
ReturnStatusOK(w)
}
func recycleDatabaseConnection(c *Context, w http.ResponseWriter, r *http.Request) {
c.App.RecycleDatabaseConnection()
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
ReturnStatusOK(w)
}
func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
cfg := model.ConfigFromJson(r.Body)
if cfg == nil {
c.SetInvalidParam("testEmail", "config")
return
}
err := c.App.TestEmail(c.Session.UserId, cfg)
if err != nil {
c.Err = err
return
}
m := make(map[string]string)
m["SUCCESS"] = "true"
w.Write([]byte(model.MapToJson(m)))
}
func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) {
crs, err := c.App.GetComplianceReports(0, 10000)
if err != nil {
c.Err = err
return
}
w.Write([]byte(crs.ToJson()))
}
func saveComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
job := model.ComplianceFromJson(r.Body)
if job == nil {
c.SetInvalidParam("saveComplianceReport", "compliance")
return
}
job.UserId = c.Session.UserId
rjob, err := c.App.SaveComplianceReport(job)
if err != nil {
c.Err = err
return
}
c.LogAudit("")
w.Write([]byte(rjob.ToJson()))
}
func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
id := params["id"]
if len(id) != 26 {
c.SetInvalidParam("downloadComplianceReport", "id")
return
}
job, err := c.App.GetComplianceReport(id)
if err != nil {
c.Err = err
return
}
reportBytes, err := c.App.GetComplianceFile(job)
if err != nil {
c.Err = err
return
}
c.LogAudit("downloaded " + job.Desc)
w.Header().Set("Cache-Control", "max-age=2592000, public")
w.Header().Set("Content-Length", strconv.Itoa(len(reportBytes)))
w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
// attach extra headers to trigger a download on IE, Edge, and Safari
ua := uasurfer.Parse(r.UserAgent())
w.Header().Set("Content-Disposition", "attachment;filename=\""+job.JobName()+".zip\"")
if ua.Browser.Name == uasurfer.BrowserIE || ua.Browser.Name == uasurfer.BrowserSafari {
// trim off anything before the final / so we just get the file's name
w.Header().Set("Content-Type", "application/octet-stream")
}
w.Write(reportBytes)
}
func getAnalytics(c *Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
teamId := params["id"]
name := params["name"]
rows, err := c.App.GetAnalytics(name, teamId)
if err != nil {
c.Err = err
return
}
if rows == nil {
c.SetInvalidParam("getAnalytics", "name")
return
}
w.Write([]byte(rows.ToJson()))
}
func uploadBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
if r.ContentLength > *c.App.Config().FileSettings.MaxFileSize {
c.Err = model.NewAppError("uploadBrandImage", "api.admin.upload_brand_image.too_large.app_error", nil, "", http.StatusRequestEntityTooLarge)
return
}
if err := r.ParseMultipartForm(*c.App.Config().FileSettings.MaxFileSize); err != nil {
c.Err = model.NewAppError("uploadBrandImage", "api.admin.upload_brand_image.parse.app_error", nil, "", http.StatusBadRequest)
return
}
m := r.MultipartForm
imageArray, ok := m.File["image"]
if !ok {
c.Err = model.NewAppError("uploadBrandImage", "api.admin.upload_brand_image.no_file.app_error", nil, "", http.StatusBadRequest)
c.Err.StatusCode = http.StatusBadRequest
return
}
if len(imageArray) <= 0 {
c.Err = model.NewAppError("uploadBrandImage", "api.admin.upload_brand_image.array.app_error", nil, "", http.StatusBadRequest)
c.Err.StatusCode = http.StatusBadRequest
return
}
if err := c.App.SaveBrandImage(imageArray[0]); err != nil {
c.Err = err
return
}
c.LogAudit("")
ReturnStatusOK(w)
}
func getBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
if img, err := c.App.GetBrandImage(); err != nil {
w.Write(nil)
} else {
w.Header().Set("Content-Type", "image/png")
w.Write(img)
}
}
func adminResetMfa(c *Context, w http.ResponseWriter, r *http.Request) {
props := model.MapFromJson(r.Body)
userId := props["user_id"]
if len(userId) != 26 {
c.SetInvalidParam("adminResetMfa", "user_id")
return
}
if err := c.App.DeactivateMfa(userId); err != nil {
c.Err = err
return
}
c.LogAudit("")
rdata := map[string]string{}
rdata["status"] = "ok"
w.Write([]byte(model.MapToJson(rdata)))
}
func adminResetPassword(c *Context, w http.ResponseWriter, r *http.Request) {
props := model.MapFromJson(r.Body)
userId := props["user_id"]
if len(userId) != 26 {
c.SetInvalidParam("adminResetPassword", "user_id")
return
}
newPassword := props["new_password"]
if err := c.App.IsPasswordValid(newPassword); err != nil {
c.Err = err
return
}
if err := c.App.UpdatePasswordByUserIdSendEmail(userId, newPassword, c.T("api.user.reset_password.method")); err != nil {
c.Err = err
return
}
c.LogAudit("")
rdata := map[string]string{}
rdata["status"] = "ok"
w.Write([]byte(model.MapToJson(rdata)))
}
func ldapSyncNow(c *Context, w http.ResponseWriter, r *http.Request) {
c.App.SyncLdap()
rdata := map[string]string{}
rdata["status"] = "ok"
w.Write([]byte(model.MapToJson(rdata)))
}
func ldapTest(c *Context, w http.ResponseWriter, r *http.Request) {
if err := c.App.TestLdap(); err != nil {
c.Err = err
return
}
rdata := map[string]string{}
rdata["status"] = "ok"
w.Write([]byte(model.MapToJson(rdata)))
}
func samlMetadata(c *Context, w http.ResponseWriter, r *http.Request) {
if result, err := c.App.GetSamlMetadata(); err != nil {
c.Err = model.NewAppError("loginWithSaml", "api.admin.saml.metadata.app_error", nil, "err="+err.Message, http.StatusInternalServerError)
return
} else {
w.Header().Set("Content-Type", "application/xml")
w.Header().Set("Content-Disposition", "attachment; filename=\"metadata.xml\"")
w.Write([]byte(result))
}
}
func addCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
err := r.ParseMultipartForm(*c.App.Config().FileSettings.MaxFileSize)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
m := r.MultipartForm
fileArray, ok := m.File["certificate"]
if !ok {
c.Err = model.NewAppError("addCertificate", "api.admin.add_certificate.no_file.app_error", nil, "", http.StatusBadRequest)
c.Err.StatusCode = http.StatusBadRequest
return
}
if len(fileArray) <= 0 {
c.Err = model.NewAppError("addCertificate", "api.admin.add_certificate.array.app_error", nil, "", http.StatusBadRequest)
c.Err.StatusCode = http.StatusBadRequest
return
}
fileData := fileArray[0]
if err := app.WriteSamlFile(fileData); err != nil {
c.Err = err
return
}
ReturnStatusOK(w)
}
func removeCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
props := model.MapFromJson(r.Body)
if err := app.RemoveSamlFile(props["filename"]); err != nil {
c.Err = err
return
}
ReturnStatusOK(w)
}
func samlCertificateStatus(c *Context, w http.ResponseWriter, r *http.Request) {
status := c.App.GetSamlCertificateStatus()
statusMap := map[string]interface{}{}
statusMap["IdpCertificateFile"] = status.IdpCertificateFile
statusMap["PrivateKeyFile"] = status.PrivateKeyFile
statusMap["PublicCertificateFile"] = status.PublicCertificateFile
w.Write([]byte(model.StringInterfaceToJson(statusMap)))
}
func getRecentlyActiveUsers(c *Context, w http.ResponseWriter, r *http.Request) {
if profiles, err := c.App.GetRecentlyActiveUsersForTeam(c.TeamId); err != nil {
c.Err = err
return
} else {
for _, p := range profiles {
sanitizeProfile(c, p)
}
w.Write([]byte(model.UserMapToJson(profiles)))
}
}
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.
package api
import (
"net/http"
"strings"
"testing"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/store"
"github.com/stretchr/testify/assert"
)
func TestGetLogs(t *testing.T) {
th := Setup().InitSystemAdmin().InitBasic()
defer th.TearDown()
if _, err := th.BasicClient.GetLogs(); err == nil {
t.Fatal("Shouldn't have permissions")
}
if logs, err := th.SystemAdminClient.GetLogs(); err != nil {
t.Fatal(err)
} else if len(logs.Data.([]string)) <= 0 {
t.Fatal()
}
}
func TestGetClusterInfos(t *testing.T) {
if testing.Short() {
t.SkipNow()
}
th := Setup().InitSystemAdmin().InitBasic()
defer th.TearDown()
if _, err := th.BasicClient.GetClusterStatus(); err == nil {
t.Fatal("Shouldn't have permissions")
}
if _, err := th.SystemAdminClient.GetClusterStatus(); err != nil {
t.Fatal(err)
}
}
func TestGetAllAudits(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
if _, err := th.BasicClient.GetAllAudits(); err == nil {
t.Fatal("Shouldn't have permissions")
}
if audits, err := th.SystemAdminClient.GetAllAudits(); err != nil {
t.Fatal(err)
} else if len(audits.Data.(model.Audits)) <= 0 {
t.Fatal()
}
}
func TestGetConfig(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
if _, err := th.BasicClient.GetConfig(); err == nil {
t.Fatal("Shouldn't have permissions")
}
if result, err := th.SystemAdminClient.GetConfig(); err != nil {
t.Fatal(err)
} else {
cfg := result.Data.(*model.Config)
if len(cfg.TeamSettings.SiteName) == 0 {
t.Fatal()
}
if *cfg.LdapSettings.BindPassword != model.FAKE_SETTING && len(*cfg.LdapSettings.BindPassword) != 0 {
t.Fatal("did not sanitize properly")
}
if *cfg.FileSettings.PublicLinkSalt != model.FAKE_SETTING {
t.Fatal("did not sanitize properly")
}
if cfg.FileSettings.AmazonS3SecretAccessKey != model.FAKE_SETTING && len(cfg.FileSettings.AmazonS3SecretAccessKey) != 0 {
t.Fatal("did not sanitize properly")
}
if cfg.EmailSettings.InviteSalt != model.FAKE_SETTING {
t.Fatal("did not sanitize properly")
}
if cfg.EmailSettings.SMTPPassword != model.FAKE_SETTING && len(cfg.EmailSettings.SMTPPassword) != 0 {
t.Fatal("did not sanitize properly")
}
if cfg.GitLabSettings.Secret != model.FAKE_SETTING && len(cfg.GitLabSettings.Secret) != 0 {
t.Fatal("did not sanitize properly")
}
if *cfg.SqlSettings.DataSource != model.FAKE_SETTING {
t.Fatal("did not sanitize properly")
}
if cfg.SqlSettings.AtRestEncryptKey != model.FAKE_SETTING {
t.Fatal("did not sanitize properly")
}
if !strings.Contains(strings.Join(cfg.SqlSettings.DataSourceReplicas, " "), model.FAKE_SETTING) && len(cfg.SqlSettings.DataSourceReplicas) != 0 {
t.Fatal("did not sanitize properly")
}
}
}
func TestReloadConfig(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
if _, err := th.BasicClient.ReloadConfig(); err == nil {
t.Fatal("Shouldn't have permissions")
}
if _, err := th.SystemAdminClient.ReloadConfig(); err != nil {
t.Fatal(err)
}
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.MaxUsersPerTeam = 50 })
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableOpenServer = true })
}
func TestInvalidateAllCache(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
if _, err := th.BasicClient.InvalidateAllCaches(); err == nil {
t.Fatal("Shouldn't have permissions")
}
if _, err := th.SystemAdminClient.InvalidateAllCaches(); err != nil {
t.Fatal(err)
}
}
func TestSaveConfig(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
if _, err := th.BasicClient.SaveConfig(th.App.Config()); err == nil {
t.Fatal("Shouldn't have permissions")
}
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableOpenServer = false })
if _, err := th.SystemAdminClient.SaveConfig(th.App.Config()); err != nil {
t.Fatal(err)
}
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableOpenServer = true })
// Should not be able to modify PluginSettings.EnableUploads
oldEnableUploads := *th.App.GetConfig().PluginSettings.EnableUploads
cfg := &model.Config{}
cfg.SetDefaults()
*cfg.PluginSettings.EnableUploads = !oldEnableUploads
if _, err := th.SystemAdminClient.SaveConfig(cfg); err != nil {
t.Fatal(err)
}
assert.Equal(t, oldEnableUploads, *th.App.Config().PluginSettings.EnableUploads)
}
func TestRecycleDatabaseConnection(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
if _, err := th.BasicClient.RecycleDatabaseConnection(); err == nil {
t.Fatal("Shouldn't have permissions")
}
if _, err := th.SystemAdminClient.RecycleDatabaseConnection(); err != nil {
t.Fatal(err)
}
}
func TestEmailTest(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
SendEmailNotifications := th.App.Config().EmailSettings.SendEmailNotifications
SMTPServer := th.App.Config().EmailSettings.SMTPServer
SMTPPort := th.App.Config().EmailSettings.SMTPPort
FeedbackEmail := th.App.Config().EmailSettings.FeedbackEmail
defer func() {
th.App.UpdateConfig(func(cfg *model.Config) { cfg.EmailSettings.SendEmailNotifications = SendEmailNotifications })
th.App.UpdateConfig(func(cfg *model.Config) { cfg.EmailSettings.SMTPServer = SMTPServer })
th.App.UpdateConfig(func(cfg *model.Config) { cfg.EmailSettings.SMTPPort = SMTPPort })
th.App.UpdateConfig(func(cfg *model.Config) { cfg.EmailSettings.FeedbackEmail = FeedbackEmail })
}()
th.App.UpdateConfig(func(cfg *model.Config) { cfg.EmailSettings.SendEmailNotifications = false })
th.App.UpdateConfig(func(cfg *model.Config) { cfg.EmailSettings.SMTPServer = "" })
th.App.UpdateConfig(func(cfg *model.Config) { cfg.EmailSettings.SMTPPort = "" })
th.App.UpdateConfig(func(cfg *model.Config) { cfg.EmailSettings.FeedbackEmail = "" })
if _, err := th.BasicClient.TestEmail(th.App.Config()); err == nil {
t.Fatal("Shouldn't have permissions")
}
if _, err := th.SystemAdminClient.TestEmail(th.App.Config()); err == nil {
t.Fatal("should have errored")
} else <