...
 
Commits (12)
......@@ -16,6 +16,8 @@ import (
)
func TestUploadFileAsMultipart(t *testing.T) {
t.Skip("Broken test skipped")
th := Setup().InitBasic()
defer th.TearDown()
Client := th.Client
......
......@@ -5,6 +5,7 @@ package app
import (
"fmt"
"io"
"io/ioutil"
"net/http"
"net/url"
......@@ -160,7 +161,6 @@ func (a *App) ExecuteCommand(args *model.CommandArgs) (*model.CommandResponse, *
trigger := parts[0][1:]
trigger = strings.ToLower(trigger)
message := strings.Join(parts[1:], " ")
provider := GetCommandProvider(trigger)
clientTriggerId, triggerId, appErr := model.GenerateTriggerId(args.UserId, a.AsymmetricSigningKey())
if appErr != nil {
......@@ -169,24 +169,52 @@ func (a *App) ExecuteCommand(args *model.CommandArgs) (*model.CommandResponse, *
args.TriggerId = triggerId
if provider != nil {
if cmd := provider.GetCommand(a, args.T); cmd != nil {
response := provider.DoCommand(a, args, message)
return a.HandleCommandResponse(cmd, args, response, true)
}
cmd, response := a.tryExecuteBuiltInCommand(args, trigger, message)
if cmd != nil && response != nil {
return a.HandleCommandResponse(cmd, args, response, true)
}
cmd, response, appErr := a.ExecutePluginCommand(args)
cmd, response, appErr = a.tryExecutePluginCommand(args)
if appErr != nil {
return nil, appErr
}
if cmd != nil {
} else if cmd != nil && response != nil {
response.TriggerId = clientTriggerId
return a.HandleCommandResponse(cmd, args, response, true)
}
cmd, response, appErr = a.tryExecuteCustomCommand(args, trigger, message)
if appErr != nil {
return nil, appErr
} else if cmd != nil && response != nil {
response.TriggerId = clientTriggerId
return a.HandleCommandResponse(cmd, args, response, false)
}
return nil, model.NewAppError("command", "api.command.execute_command.not_found.app_error", map[string]interface{}{"Trigger": trigger}, "", http.StatusNotFound)
}
// tryExecutePluginCommand attempts to run a built in command based on the given arguments. If no such command can be
// found, returns nil for all arguments.
func (a *App) tryExecuteBuiltInCommand(args *model.CommandArgs, trigger string, message string) (*model.Command, *model.CommandResponse) {
provider := GetCommandProvider(trigger)
if provider == nil {
return nil, nil
}
cmd := provider.GetCommand(a, args.T)
if cmd == nil {
return nil, nil
}
return cmd, provider.DoCommand(a, args, message)
}
// tryExecuteCustomCommand attempts to run a custom command based on the given arguments. If no such command can be
// found, returns nil for all arguments.
func (a *App) tryExecuteCustomCommand(args *model.CommandArgs, trigger string, message string) (*model.Command, *model.CommandResponse, *model.AppError) {
// Handle custom commands
if !*a.Config().ServiceSettings.EnableCommands {
return nil, model.NewAppError("ExecuteCommand", "api.command.disabled.app_error", nil, "", http.StatusNotImplemented)
return nil, nil, model.NewAppError("ExecuteCommand", "api.command.disabled.app_error", nil, "", http.StatusNotImplemented)
}
chanChan := a.Srv.Store.Channel().Get(args.ChannelId, true)
......@@ -195,98 +223,121 @@ func (a *App) ExecuteCommand(args *model.CommandArgs) (*model.CommandResponse, *
result := <-a.Srv.Store.Command().GetByTeam(args.TeamId)
if result.Err != nil {
return nil, result.Err
return nil, nil, result.Err
}
tr := <-teamChan
if tr.Err != nil {
return nil, tr.Err
return nil, nil, tr.Err
}
team := tr.Data.(*model.Team)
ur := <-userChan
if ur.Err != nil {
return nil, ur.Err
return nil, nil, ur.Err
}
user := ur.Data.(*model.User)
cr := <-chanChan
if cr.Err != nil {
return nil, cr.Err
return nil, nil, cr.Err
}
channel := cr.Data.(*model.Channel)
var cmd *model.Command
teamCmds := result.Data.([]*model.Command)
for _, cmd := range teamCmds {
if trigger == cmd.Trigger {
mlog.Debug(fmt.Sprintf(utils.T("api.command.execute_command.debug"), trigger, args.UserId))
for _, teamCmd := range teamCmds {
if trigger == teamCmd.Trigger {
cmd = teamCmd
}
}
p := url.Values{}
p.Set("token", cmd.Token)
if cmd == nil {
return nil, nil, nil
}
p.Set("team_id", cmd.TeamId)
p.Set("team_domain", team.Name)
mlog.Debug(fmt.Sprintf(utils.T("api.command.execute_command.debug"), trigger, args.UserId))
p.Set("channel_id", args.ChannelId)
p.Set("channel_name", channel.Name)
p := url.Values{}
p.Set("token", cmd.Token)
p.Set("user_id", args.UserId)
p.Set("user_name", user.Username)
p.Set("team_id", cmd.TeamId)
p.Set("team_domain", team.Name)
p.Set("command", "/"+trigger)
p.Set("text", message)
p.Set("channel_id", args.ChannelId)
p.Set("channel_name", channel.Name)
p.Set("trigger_id", triggerId)
p.Set("user_id", args.UserId)
p.Set("user_name", user.Username)
hook, appErr := a.CreateCommandWebhook(cmd.Id, args)
if appErr != nil {
return nil, model.NewAppError("command", "api.command.execute_command.failed.app_error", map[string]interface{}{"Trigger": trigger}, appErr.Error(), http.StatusInternalServerError)
}
p.Set("response_url", args.SiteURL+"/hooks/commands/"+hook.Id)
var req *http.Request
if cmd.Method == model.COMMAND_METHOD_GET {
req, _ = http.NewRequest(http.MethodGet, cmd.URL, nil)
if req.URL.RawQuery != "" {
req.URL.RawQuery += "&"
}
req.URL.RawQuery += p.Encode()
} else {
req, _ = http.NewRequest(http.MethodPost, cmd.URL, strings.NewReader(p.Encode()))
}
p.Set("command", "/"+trigger)
p.Set("text", message)
req.Header.Set("Accept", "application/json")
req.Header.Set("Authorization", "Token "+cmd.Token)
if cmd.Method == model.COMMAND_METHOD_POST {
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
}
p.Set("trigger_id", args.TriggerId)
resp, err := a.HTTPService.MakeClient(false).Do(req)
if err != nil {
return nil, model.NewAppError("command", "api.command.execute_command.failed.app_error", map[string]interface{}{"Trigger": trigger}, err.Error(), http.StatusInternalServerError)
}
if resp.StatusCode != http.StatusOK {
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
return nil, model.NewAppError("command", "api.command.execute_command.failed_resp.app_error", map[string]interface{}{"Trigger": trigger, "Status": resp.Status}, string(body), http.StatusInternalServerError)
}
hook, appErr := a.CreateCommandWebhook(cmd.Id, args)
if appErr != nil {
return cmd, nil, model.NewAppError("command", "api.command.execute_command.failed.app_error", map[string]interface{}{"Trigger": trigger}, appErr.Error(), http.StatusInternalServerError)
}
p.Set("response_url", args.SiteURL+"/hooks/commands/"+hook.Id)
response, err := model.CommandResponseFromHTTPBody(resp.Header.Get("Content-Type"), resp.Body)
if err != nil {
return nil, model.NewAppError("command", "api.command.execute_command.failed.app_error", map[string]interface{}{"Trigger": trigger}, err.Error(), http.StatusInternalServerError)
}
if response == nil {
return nil, model.NewAppError("command", "api.command.execute_command.failed_empty.app_error", map[string]interface{}{"Trigger": trigger}, "", http.StatusInternalServerError)
}
return a.doCommandRequest(cmd, p)
}
response.TriggerId = clientTriggerId
func (a *App) doCommandRequest(cmd *model.Command, p url.Values) (*model.Command, *model.CommandResponse, *model.AppError) {
// Prepare the request
var req *http.Request
var err error
if cmd.Method == model.COMMAND_METHOD_GET {
req, err = http.NewRequest(http.MethodGet, cmd.URL, nil)
} else {
req, err = http.NewRequest(http.MethodPost, cmd.URL, strings.NewReader(p.Encode()))
}
if err != nil {
return cmd, nil, model.NewAppError("command", "api.command.execute_command.failed.app_error", map[string]interface{}{"Trigger": cmd.Trigger}, err.Error(), http.StatusInternalServerError)
}
return a.HandleCommandResponse(cmd, args, response, false)
if cmd.Method == model.COMMAND_METHOD_GET {
if req.URL.RawQuery != "" {
req.URL.RawQuery += "&"
}
req.URL.RawQuery += p.Encode()
}
return nil, model.NewAppError("command", "api.command.execute_command.not_found.app_error", map[string]interface{}{"Trigger": trigger}, "", http.StatusNotFound)
req.Header.Set("Accept", "application/json")
req.Header.Set("Authorization", "Token "+cmd.Token)
if cmd.Method == model.COMMAND_METHOD_POST {
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
}
// Send the request
resp, err := a.HTTPService.MakeClient(false).Do(req)
if err != nil {
return cmd, nil, model.NewAppError("command", "api.command.execute_command.failed.app_error", map[string]interface{}{"Trigger": cmd.Trigger}, err.Error(), http.StatusInternalServerError)
}
defer resp.Body.Close()
// Handle the response
body := io.LimitReader(resp.Body, MaxIntegrationResponseSize)
if resp.StatusCode != http.StatusOK {
// Ignore the error below because the resulting string will just be the empty string if bodyBytes is nil
bodyBytes, _ := ioutil.ReadAll(body)
return cmd, nil, model.NewAppError("command", "api.command.execute_command.failed_resp.app_error", map[string]interface{}{"Trigger": cmd.Trigger, "Status": resp.Status}, string(bodyBytes), http.StatusInternalServerError)
}
response, err := model.CommandResponseFromHTTPBody(resp.Header.Get("Content-Type"), body)
if err != nil {
return cmd, nil, model.NewAppError("command", "api.command.execute_command.failed.app_error", map[string]interface{}{"Trigger": cmd.Trigger}, err.Error(), http.StatusInternalServerError)
} else if response == nil {
return cmd, nil, model.NewAppError("command", "api.command.execute_command.failed_empty.app_error", map[string]interface{}{"Trigger": cmd.Trigger}, "", http.StatusInternalServerError)
}
return cmd, response, nil
}
func (a *App) HandleCommandResponse(command *model.Command, args *model.CommandArgs, response *model.CommandResponse, builtIn bool) (*model.CommandResponse, *model.AppError) {
......
......@@ -4,9 +4,15 @@
package app
import (
"io"
"net/http"
"net/http/httptest"
"net/url"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/mattermost/mattermost-server/model"
)
......@@ -65,3 +71,101 @@ func TestCreateCommandPost(t *testing.T) {
t.Fatal("should have failed - bad post type")
}
}
func TestDoCommandRequest(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
th.App.UpdateConfig(func(cfg *model.Config) {
cfg.ServiceSettings.AllowedUntrustedInternalConnections = model.NewString("127.0.0.1")
cfg.ServiceSettings.EnableCommands = model.NewBool(true)
})
t.Run("with a valid text response", func(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
io.Copy(w, strings.NewReader("Hello, World!"))
}))
defer server.Close()
_, resp, err := th.App.doCommandRequest(&model.Command{URL: server.URL}, url.Values{})
require.Nil(t, err)
assert.NotNil(t, resp)
assert.Equal(t, "Hello, World!", resp.Text)
})
t.Run("with a valid json response", func(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Add("Content-Type", "application/json")
io.Copy(w, strings.NewReader(`{"text": "Hello, World!"}`))
}))
defer server.Close()
_, resp, err := th.App.doCommandRequest(&model.Command{URL: server.URL}, url.Values{})
require.Nil(t, err)
assert.NotNil(t, resp)
assert.Equal(t, "Hello, World!", resp.Text)
})
t.Run("with a large text response", func(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
io.Copy(w, InfiniteReader{})
}))
defer server.Close()
// Since we limit the length of the response, no error will be returned and resp.Text will be a finite string
_, resp, err := th.App.doCommandRequest(&model.Command{URL: server.URL}, url.Values{})
require.Nil(t, err)
require.NotNil(t, resp)
})
t.Run("with a large, valid json response", func(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Add("Content-Type", "application/json")
io.Copy(w, io.MultiReader(strings.NewReader(`{"text": "`), InfiniteReader{}, strings.NewReader(`"}`)))
}))
defer server.Close()
_, _, err := th.App.doCommandRequest(&model.Command{URL: server.URL}, url.Values{})
require.NotNil(t, err)
require.Equal(t, "api.command.execute_command.failed.app_error", err.Id)
})
t.Run("with a large, invalid json response", func(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Add("Content-Type", "application/json")
io.Copy(w, InfiniteReader{})
}))
defer server.Close()
_, _, err := th.App.doCommandRequest(&model.Command{URL: server.URL}, url.Values{})
require.NotNil(t, err)
require.Equal(t, "api.command.execute_command.failed.app_error", err.Id)
})
// // This test has been commented out because it relies on test logic only available in 5.8+
// t.Run("with a slow response", func(t *testing.T) {
// timeout := 100 * time.Millisecond
// server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// time.Sleep(timeout + time.Millisecond)
// io.Copy(w, strings.NewReader(`{"text": "Hello, World!"}`))
// }))
// defer server.Close()
// th.App.HTTPService.(*httpservice.HTTPServiceImpl).RequestTimeout = timeout
// defer func() {
// th.App.HTTPService.(*httpservice.HTTPServiceImpl).RequestTimeout = httpservice.RequestTimeout
// }()
// _, _, err := th.App.doCommandRequest(&model.Command{URL: server.URL}, url.Values{})
// require.NotNil(t, err)
// require.Equal(t, "api.command.execute_command.failed.app_error", err.Id)
// })
}
......@@ -291,6 +291,10 @@ func (a *App) Desanitize(cfg *model.Config) {
cfg.GitLabSettings.Secret = actual.GitLabSettings.Secret
}
if cfg.PhabricatorSettings.Secret == model.FAKE_SETTING {
cfg.PhabricatorSettings.Secret = actual.PhabricatorSettings.Secret
}
if *cfg.SqlSettings.DataSource == model.FAKE_SETTING {
*cfg.SqlSettings.DataSource = *actual.SqlSettings.DataSource
}
......
......@@ -401,9 +401,10 @@ func (a *App) trackConfig() {
})
a.SendDiagnostic(TRACK_CONFIG_OAUTH, map[string]interface{}{
"enable_gitlab": cfg.GitLabSettings.Enable,
"enable_google": cfg.GoogleSettings.Enable,
"enable_office365": cfg.Office365Settings.Enable,
"enable_gitlab": cfg.GitLabSettings.Enable,
"enable_phabricator": cfg.PhabricatorSettings.Enable,
"enable_google": cfg.GoogleSettings.Enable,
"enable_office365": cfg.Office365Settings.Enable,
})
a.SendDiagnostic(TRACK_CONFIG_SUPPORT, map[string]interface{}{
......
......@@ -38,7 +38,7 @@ func TestMockHTTPService(t *testing.T) {
client := th.App.HTTPService.MakeClient(false)
resp, err := client.Get(url + "/get")
defer consumeAndClose(resp)
defer resp.Body.Close()
bodyContents, _ := ioutil.ReadAll(resp.Body)
......@@ -53,7 +53,7 @@ func TestMockHTTPService(t *testing.T) {
request, _ := http.NewRequest(http.MethodPut, url+"/put", nil)
resp, err := client.Do(request)
defer consumeAndClose(resp)
defer resp.Body.Close()
bodyContents, _ := ioutil.ReadAll(resp.Body)
......
......@@ -72,13 +72,12 @@ func (a *App) DoPostAction(postId, actionId, userId, selectedOption string) (str
}
resp, err := a.DoActionRequest(action.Integration.URL, request.ToJson())
if resp != nil {
defer consumeAndClose(resp)
}
if err != nil {
return "", err
}
defer resp.Body.Close()
var response model.PostActionIntegrationResponse
if err := json.NewDecoder(resp.Body).Decode(&response); err != nil {
return "", model.NewAppError("DoPostAction", "api.post.do_action.action_integration.app_error", nil, "err="+err.Error(), http.StatusBadRequest)
......@@ -182,14 +181,12 @@ func (a *App) SubmitInteractiveDialog(request model.SubmitDialogRequest) (*model
}
resp, err := a.DoActionRequest(url, b)
if resp != nil {
defer consumeAndClose(resp)
}
if err != nil {
return nil, err
}
defer resp.Body.Close()
var response model.SubmitDialogResponse
if err := json.NewDecoder(resp.Body).Decode(&response); err != nil {
// Don't fail, an empty response is acceptable
......
......@@ -281,10 +281,9 @@ func (a *App) sendToPushProxy(msg model.PushNotification, session *model.Session
return
}
defer resp.Body.Close()
pushResponse := model.PushResponseFromJson(resp.Body)
if resp.Body != nil {
consumeAndClose(resp)
}
if pushResponse[model.PUSH_STATUS] == model.PUSH_STATUS_REMOVE {
mlog.Info(fmt.Sprintf("Device was reported as removed for UserId=%v SessionId=%v removing push for this session", session.UserId, session.Id), mlog.String("user_id", session.UserId))
......
......@@ -710,9 +710,9 @@ func (a *App) AuthorizeOAuthUser(w http.ResponseWriter, r *http.Request, service
stateProps := model.MapFromJson(strings.NewReader(stateStr))
expectedToken, err := a.GetOAuthStateToken(stateProps["token"])
if err != nil {
return nil, "", stateProps, err
expectedToken, appErr := a.GetOAuthStateToken(stateProps["token"])
if appErr != nil {
return nil, "", stateProps, appErr
}
stateEmail := stateProps["email"]
......@@ -733,7 +733,10 @@ func (a *App) AuthorizeOAuthUser(w http.ResponseWriter, r *http.Request, service
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.invalid_state.app_error", nil, "", http.StatusBadRequest)
}
a.DeleteToken(expectedToken)
appErr = a.DeleteToken(expectedToken)
if appErr != nil {
mlog.Error(appErr.Error())
}
cookie := &http.Cookie{
Name: COOKIE_OAUTH,
......@@ -759,53 +762,58 @@ func (a *App) AuthorizeOAuthUser(w http.ResponseWriter, r *http.Request, service
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Accept", "application/json")
var ar *model.AccessResponse
var bodyBytes []byte
if resp, err := a.HTTPService.MakeClient(true).Do(req); err != nil {
resp, err := a.HTTPService.MakeClient(true).Do(req)
if err != nil {
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.token_failed.app_error", nil, err.Error(), http.StatusInternalServerError)
} else {
bodyBytes, _ = ioutil.ReadAll(resp.Body)
resp.Body = ioutil.NopCloser(bytes.NewBuffer(bodyBytes))
}
defer resp.Body.Close()
ar = model.AccessResponseFromJson(resp.Body)
consumeAndClose(resp)
var buf bytes.Buffer
tee := io.TeeReader(resp.Body, &buf)
ar := model.AccessResponseFromJson(tee)
if ar == nil || resp.StatusCode != http.StatusOK {
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.bad_response.app_error", nil, "response_body="+buf.String(), http.StatusInternalServerError)
if ar == nil || resp.StatusCode != http.StatusOK {
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.bad_response.app_error", nil, "response_body="+string(bodyBytes), http.StatusInternalServerError)
}
}
if strings.ToLower(ar.TokenType) != model.ACCESS_TOKEN_TYPE {
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.bad_token.app_error", nil, "token_type="+ar.TokenType+", response_body="+string(bodyBytes), http.StatusInternalServerError)
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.bad_token.app_error", nil, "token_type="+ar.TokenType+", response_body="+buf.String(), http.StatusInternalServerError)
}
if len(ar.AccessToken) == 0 {
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.missing.app_error", nil, "response_body="+string(bodyBytes), http.StatusInternalServerError)
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.missing.app_error", nil, "response_body="+buf.String(), http.StatusInternalServerError)
}
p = url.Values{}
p.Set("access_token", ar.AccessToken)
req, _ = http.NewRequest("GET", sso.UserApiEndpoint, strings.NewReader(""))
endpointUrl := sso.UserApiEndpoint+"?access_token="+ar.AccessToken
req, _ = http.NewRequest("GET", endpointUrl, strings.NewReader(""))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Accept", "application/json")
req.Header.Set("Authorization", "Bearer "+ar.AccessToken)
if resp, err := a.HTTPService.MakeClient(true).Do(req); err != nil {
resp, err = a.HTTPService.MakeClient(true).Do(req)
if err != nil {
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.service.app_error", map[string]interface{}{"Service": service}, err.Error(), http.StatusInternalServerError)
} else {
bodyBytes, _ = ioutil.ReadAll(resp.Body)
if resp.StatusCode != http.StatusOK {
bodyString := string(bodyBytes)
mlog.Error("Error getting OAuth user: " + bodyString)
if service == model.SERVICE_GITLAB && resp.StatusCode == http.StatusForbidden && strings.Contains(bodyString, "Terms of Service") {
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "oauth.gitlab.tos.error", nil, "", http.StatusBadRequest)
}
} else if resp.StatusCode != http.StatusOK {
defer resp.Body.Close()
// Ignore the error below because the resulting string will just be the empty string if bodyBytes is nil
bodyBytes, _ := ioutil.ReadAll(resp.Body)
bodyString := string(bodyBytes)
mlog.Error("Error getting OAuth user: " + bodyString)
if service == model.SERVICE_GITLAB && resp.StatusCode == http.StatusForbidden && strings.Contains(bodyString, "Terms of Service") {
// Return a nicer error when the user hasn't accepted GitLab's terms of service
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "oauth.gitlab.tos.error", nil, "", http.StatusBadRequest)
}
resp.Body = ioutil.NopCloser(bytes.NewBuffer(bodyBytes))
return resp.Body, teamId, stateProps, nil
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.response.app_error", nil, "response_body="+bodyString, http.StatusInternalServerError)
}
// Note that resp.Body is not closed here, so it must be closed by the caller
return resp.Body, teamId, stateProps, nil
}
func (a *App) SwitchEmailToOAuth(w http.ResponseWriter, r *http.Request, email, password, code, service string) (string, *model.AppError) {
......
......@@ -20,7 +20,7 @@ func (a *App) GetOpenGraphMetadata(requestURL string) *opengraph.OpenGraph {
mlog.Error("GetOpenGraphMetadata request failed", mlog.String("requestURL", requestURL), mlog.Any("err", err))
return nil
}
defer consumeAndClose(res)
defer res.Body.Close()
return a.ParseOpenGraphMetadata(requestURL, res.Body, res.Header.Get("Content-Type"))
}
......
......@@ -523,6 +523,24 @@ func (api *PluginAPI) RemoveTeamIcon(teamId string) *model.AppError {
return nil
}
// Mail Section
func (api *PluginAPI) SendMail(to, subject, htmlBody string) *model.AppError {
if to == "" {
return model.NewAppError("SendMail", "plugin_api.send_mail.missing_to", nil, "", http.StatusBadRequest)
}
if subject == "" {
return model.NewAppError("SendMail", "plugin_api.send_mail.missing_subject", nil, "", http.StatusBadRequest)
}
if htmlBody == "" {
return model.NewAppError("SendMail", "plugin_api.send_mail.missing_htmlbody", nil, "", http.StatusBadRequest)
}
return api.app.SendMail(to, subject, htmlBody)
}
// Plugin Section
func (api *PluginAPI) GetPlugins() ([]*model.Manifest, *model.AppError) {
......
......@@ -18,6 +18,7 @@ import (
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/plugin"
"github.com/mattermost/mattermost-server/services/mailservice"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
......@@ -637,3 +638,33 @@ func TestPluginAPIGetDirectChannel(t *testing.T) {
require.NotNil(t, err)
require.Empty(t, dm3)
}
func TestPluginAPISendMail(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
api := th.SetupPluginAPI()
to := th.BasicUser.Email
subject := "testing plugin api sending email"
body := "this is a test."
err := api.SendMail(to, subject, body)
require.Nil(t, err)
// Check if we received the email
var resultsMailbox mailservice.JSONMessageHeaderInbucket
errMail := mailservice.RetryInbucket(5, func() error {
var err error
resultsMailbox, err = mailservice.GetMailBox(to)
return err
})
require.Nil(t, errMail)
require.NotZero(t, len(resultsMailbox))
require.True(t, strings.ContainsAny(resultsMailbox[len(resultsMailbox)-1].To[0], to))
resultsEmail, err1 := mailservice.GetMessageFromMailbox(to, resultsMailbox[len(resultsMailbox)-1].ID)
require.Nil(t, err1)
require.Equal(t, resultsEmail.Subject, subject)
require.Equal(t, resultsEmail.Body.Text, body)
}
......@@ -91,7 +91,9 @@ func (a *App) PluginCommandsForTeam(teamId string) []*model.Command {
return commands
}
func (a *App) ExecutePluginCommand(args *model.CommandArgs) (*model.Command, *model.CommandResponse, *model.AppError) {
// tryExecutePluginCommand attempts to run a command provided by a plugin based on the given arguments. If no such
// command can be found, returns nil for all arguments.
func (a *App) tryExecutePluginCommand(args *model.CommandArgs) (*model.Command, *model.CommandResponse, *model.AppError) {
parts := strings.Split(args.Command, " ")
trigger := parts[0][1:]
trigger = strings.ToLower(trigger)
......
......@@ -339,7 +339,8 @@ func (a *App) getLinkMetadata(requestURL string, useCache bool) (*opengraph.Open
if err != nil {
return nil, nil, err
}
defer consumeAndClose(res)
defer res.Body.Close()
// Parse the data
og, image, err := a.parseLinkMetadata(requestURL, res.Body, res.Header.Get("Content-Type"))
......
......@@ -80,8 +80,9 @@ func (a *App) DoSecurityUpdateCheck() {
return
}
defer res.Body.Close()
bulletins := model.SecurityBulletinsFromJson(res.Body)
consumeAndClose(res)
for _, bulletin := range bulletins {
if bulletin.AppliesToVersion == model.CurrentVersion {
......
......@@ -8,8 +8,6 @@ import (
"crypto/ecdsa"
"crypto/tls"
"fmt"
"io"
"io/ioutil"
"net"
"net/http"
"net/url"
......@@ -385,16 +383,7 @@ func (a *App) OriginChecker() func(*http.Request) bool {
allowed += " " + siteURL.String()
}
}
return utils.OriginChecker(allowed)
}
return nil
}
// This is required to re-use the underlying connection and not take up file descriptors
func consumeAndClose(r *http.Response) {
if r.Body != nil {
io.Copy(ioutil.Discard, r.Body)
r.Body.Close()
}
}
......@@ -20,6 +20,8 @@ import (
const (
TRIGGERWORDS_EXACT_MATCH = 0
TRIGGERWORDS_STARTS_WITH = 1
MaxIntegrationResponseSize = 1024 * 1024 // Posts can be <100KB at most, so this is likely more than enough
)
func (a *App) handleWebhookEvents(post *model.Post, team *model.Team, channel *model.Channel, user *model.User) *model.AppError {
......@@ -101,55 +103,70 @@ func (a *App) TriggerWebhook(payload *model.OutgoingWebhookPayload, hook *model.
contentType = "application/x-www-form-urlencoded"
}
for _, url := range hook.CallbackURLs {
a.Srv.Go(func(url string) func() {
return func() {
req, _ := http.NewRequest("POST", url, body)
req.Header.Set("Content-Type", contentType)
req.Header.Set("Accept", "application/json")
if resp, err := a.HTTPService.MakeClient(false).Do(req); err != nil {
mlog.Error(fmt.Sprintf("Event POST failed, err=%s", err.Error()))
} else {
defer consumeAndClose(resp)
webhookResp := model.OutgoingWebhookResponseFromJson(resp.Body)
if webhookResp != nil && (webhookResp.Text != nil || len(webhookResp.Attachments) > 0) {
postRootId := ""
if webhookResp.ResponseType == model.OUTGOING_HOOK_RESPONSE_TYPE_COMMENT {
postRootId = post.Id
}
if len(webhookResp.Props) == 0 {
webhookResp.Props = make(model.StringInterface)
}
webhookResp.Props["webhook_display_name"] = hook.DisplayName
text := ""
if webhookResp.Text != nil {
text = a.ProcessSlackText(*webhookResp.Text)
}
webhookResp.Attachments = a.ProcessSlackAttachments(webhookResp.Attachments)
// attachments is in here for slack compatibility
if len(webhookResp.Attachments) > 0 {
webhookResp.Props["attachments"] = webhookResp.Attachments
}
if a.Config().ServiceSettings.EnablePostUsernameOverride && hook.Username != "" && webhookResp.Username == "" {
webhookResp.Username = hook.Username
}
if a.Config().ServiceSettings.EnablePostIconOverride && hook.IconURL != "" && webhookResp.IconURL == "" {
webhookResp.IconURL = hook.IconURL
}
if _, err := a.CreateWebhookPost(hook.CreatorId, channel, text, webhookResp.Username, webhookResp.IconURL, webhookResp.Props, webhookResp.Type, postRootId); err != nil {
mlog.Error(fmt.Sprintf("Failed to create response post, err=%v", err))
}
}
for i := range hook.CallbackURLs {
// Get the callback URL by index to properly capture it for the go func
url := hook.CallbackURLs[i]
a.Srv.Go(func() {
webhookResp, err := a.doOutgoingWebhookRequest(url, body, contentType)
if err != nil {
mlog.Error(fmt.Sprintf("Event POST failed, err=%s", err.Error()))
return
}
if webhookResp != nil && (webhookResp.Text != nil || len(webhookResp.Attachments) > 0) {
postRootId := ""
if webhookResp.ResponseType == model.OUTGOING_HOOK_RESPONSE_TYPE_COMMENT {
postRootId = post.Id
}
if len(webhookResp.Props) == 0 {
webhookResp.Props = make(model.StringInterface)
}
webhookResp.Props["webhook_display_name"] = hook.DisplayName
text := ""
if webhookResp.Text != nil {
text = a.ProcessSlackText(*webhookResp.Text)
}
webhookResp.Attachments = a.ProcessSlackAttachments(webhookResp.Attachments)
// attachments is in here for slack compatibility
if len(webhookResp.Attachments) > 0 {
webhookResp.Props["attachments"] = webhookResp.Attachments
}
if a.Config().ServiceSettings.EnablePostUsernameOverride && hook.Username != "" && webhookResp.Username == "" {
webhookResp.Username = hook.Username
}
if a.Config().ServiceSettings.EnablePostIconOverride && hook.IconURL != "" && webhookResp.IconURL == "" {
webhookResp.IconURL = hook.IconURL
}
if _, err := a.CreateWebhookPost(hook.CreatorId, channel, text, webhookResp.Username, webhookResp.IconURL, webhookResp.Props, webhookResp.Type, postRootId); err != nil {
mlog.Error(fmt.Sprintf("Failed to create response post, err=%v", err))
}
}
}(url))
})
}
}
func (a *App) doOutgoingWebhookRequest(url string, body io.Reader, contentType string) (*model.OutgoingWebhookResponse, error) {
req, err := http.NewRequest("POST", url, body)
if err != nil {
return nil, err
}
req.Header.Set("Content-Type", contentType)
req.Header.Set("Accept", "application/json")
resp, err := a.HTTPService.MakeClient(false).Do(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
return model.OutgoingWebhookResponseFromJson(io.LimitReader(resp.Body, MaxIntegrationResponseSize))
}
func SplitWebhookPost(post *model.Post, maxPostSize int) ([]*model.Post, *model.AppError) {
splits := make([]*model.Post, 0)
remainingText := post.Message
......
......@@ -4,17 +4,17 @@
package app
import (
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"encoding/json"
"io"
"net/http"
"net/http/httptest"
"strings"
"testing"
"time"
"github.com/mattermost/mattermost-server/model"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestCreateIncomingWebhookForChannel(t *testing.T) {
......@@ -652,3 +652,92 @@ func TestTriggerOutGoingWebhookWithUsernameAndIconURL(t *testing.T) {
}
}
type InfiniteReader struct {
Prefix string
}
func (r InfiniteReader) Read(p []byte) (n int, err error) {
for i := range p {
p[i] = 'a'
}
return len(p), nil
}
func TestDoOutgoingWebhookRequest(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
th.App.UpdateConfig(func(cfg *model.Config) {
cfg.ServiceSettings.AllowedUntrustedInternalConnections = model.NewString("127.0.0.1")
cfg.ServiceSettings.EnableOutgoingWebhooks = true
})
t.Run("with a valid response", func(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
io.Copy(w, strings.NewReader(`{"text": "Hello, World!"}`))
}))
defer server.Close()
resp, err := th.App.doOutgoingWebhookRequest(server.URL, strings.NewReader(""), "application/json")
require.Nil(t, err)
assert.NotNil(t, resp)
assert.NotNil(t, resp.Text)
assert.Equal(t, "Hello, World!", *resp.Text)
})
t.Run("with an invalid response", func(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
io.Copy(w, strings.NewReader("aaaaaaaa"))
}))
defer server.Close()
_, err := th.App.doOutgoingWebhookRequest(server.URL, strings.NewReader(""), "application/json")
require.NotNil(t, err)
require.IsType(t, &json.SyntaxError{}, err)
})
t.Run("with a large, valid response", func(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
io.Copy(w, io.MultiReader(strings.NewReader(`{"text": "`), InfiniteReader{}, strings.NewReader(`"}`)))
}))
defer server.Close()
_, err := th.App.doOutgoingWebhookRequest(server.URL, strings.NewReader(""), "application/json")
require.NotNil(t, err)
require.Equal(t, io.ErrUnexpectedEOF, err)
})
t.Run("with a large, invalid response", func(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
io.Copy(w, InfiniteReader{})
}))
defer server.Close()
_, err := th.App.doOutgoingWebhookRequest(server.URL, strings.NewReader(""), "application/json")
require.NotNil(t, err)
require.IsType(t, &json.SyntaxError{}, err)
})
// // This test has been commented out because it relies on test logic only available in 5.8+
// t.Run("with a slow response", func(t *testing.T) {
// timeout := 100 * time.Millisecond
// server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// time.Sleep(timeout + time.Millisecond)
// io.Copy(w, strings.NewReader(`{"text": "Hello, World!"}`))
// }))
// defer server.Close()
// th.App.HTTPService.(*httpservice.HTTPServiceImpl).RequestTimeout = timeout
// defer func() {
// th.App.HTTPService.(*httpservice.HTTPServiceImpl).RequestTimeout = httpservice.RequestTimeout
// }()
// _, err := th.App.doOutgoingWebhookRequest(server.URL, strings.NewReader(""), "application/json")
// require.NotNil(t, err)
// require.IsType(t, &url.Error{}, err)
// })
}
......@@ -13,7 +13,7 @@ build-windows:
@echo Build Windows amd64
env GOOS=windows GOARCH=amd64 $(GO) install -i $(GOFLAGS) $(GO_LINKER_FLAGS) ./...
build: build-linux build-windows build-osx
build: build-linux
build-client:
@echo Building mattermost web app
......@@ -67,36 +67,36 @@ endif
@# ----- PLATFORM SPECIFIC -----
@# Make osx package
@# Copy binary
ifeq ($(BUILDER_GOOS_GOARCH),"darwin_amd64")
cp $(GOPATH)/bin/mattermost $(DIST_PATH)/bin # from native bin dir, not cross-compiled
cp $(GOPATH)/bin/platform $(DIST_PATH)/bin # from native bin dir, not cross-compiled
else
cp $(GOPATH)/bin/darwin_amd64/mattermost $(DIST_PATH)/bin # from cross-compiled bin dir
cp $(GOPATH)/bin/darwin_amd64/platform $(DIST_PATH)/bin # from cross-compiled bin dir
endif
@# Package
tar -C dist -czf $(DIST_PATH)-$(BUILD_TYPE_NAME)-osx-amd64.tar.gz mattermost
@# Cleanup
rm -f $(DIST_PATH)/bin/mattermost
rm -f $(DIST_PATH)/bin/platform
@# Make windows package
@# Copy binary
ifeq ($(BUILDER_GOOS_GOARCH),"windows_amd64")
cp $(GOPATH)/bin/mattermost.exe $(DIST_PATH)/bin # from native bin dir, not cross-compiled
cp $(GOPATH)/bin/platform.exe $(DIST_PATH)/bin # from native bin dir, not cross-compiled
else
cp $(GOPATH)/bin/windows_amd64/mattermost.exe $(DIST_PATH)/bin # from cross-compiled bin dir
cp $(GOPATH)/bin/windows_amd64/platform.exe $(DIST_PATH)/bin # from cross-compiled bin dir
endif
@# Package
cd $(DIST_ROOT) && zip -9 -r -q -l mattermost-$(BUILD_TYPE_NAME)-windows-amd64.zip mattermost && cd ..
@# Cleanup
rm -f $(DIST_PATH)/bin/mattermost.exe
rm -f $(DIST_PATH)/bin/platform.exe
# @# Make osx package
# @# Copy binary
#ifeq ($(BUILDER_GOOS_GOARCH),"darwin_amd64")
# cp $(GOPATH)/bin/mattermost $(DIST_PATH)/bin # from native bin dir, not cross-compiled
# cp $(GOPATH)/bin/platform $(DIST_PATH)/bin # from native bin dir, not cross-compiled
#else
# cp $(GOPATH)/bin/darwin_amd64/mattermost $(DIST_PATH)/bin # from cross-compiled bin dir
# cp $(GOPATH)/bin/darwin_amd64/platform $(DIST_PATH)/bin # from cross-compiled bin dir
#endif
# @# Package
# tar -C dist -czf $(DIST_PATH)-$(BUILD_TYPE_NAME)-osx-amd64.tar.gz mattermost
# @# Cleanup
# rm -f $(DIST_PATH)/bin/mattermost
# rm -f $(DIST_PATH)/bin/platform
#
# @# Make windows package
# @# Copy binary
#ifeq ($(BUILDER_GOOS_GOARCH),"windows_amd64")
# cp $(GOPATH)/bin/mattermost.exe $(DIST_PATH)/bin # from native bin dir, not cross-compiled
# cp $(GOPATH)/bin/platform.exe $(DIST_PATH)/bin # from native bin dir, not cross-compiled
#else
# cp $(GOPATH)/bin/windows_amd64/mattermost.exe $(DIST_PATH)/bin # from cross-compiled bin dir
# cp $(GOPATH)/bin/windows_amd64/platform.exe $(DIST_PATH)/bin # from cross-compiled bin dir
#endif
# @# Package
# cd $(DIST_ROOT) && zip -9 -r -q -l mattermost-$(BUILD_TYPE_NAME)-windows-amd64.zip mattermost && cd ..
# @# Cleanup
# rm -f $(DIST_PATH)/bin/mattermost.exe
# rm -f $(DIST_PATH)/bin/platform.exe
#
@# Make linux package
@# Copy binary
ifeq ($(BUILDER_GOOS_GOARCH),"linux_amd64")
......
......@@ -10,6 +10,7 @@ import (
// Plugins
_ "github.com/mattermost/mattermost-server/model/gitlab"
_ "github.com/mattermost/mattermost-server/model/phabricator"
// Enterprise Imports
_ "github.com/mattermost/mattermost-server/imports"
......
......@@ -253,6 +253,15 @@
"TokenEndpoint": "",
"UserApiEndpoint": ""
},
"PhabricatorSettings": {
"Enable": false,
"Secret": "",
"Id": "",
"Scope": "",
"AuthEndpoint": "",
"TokenEndpoint": "",
"UserApiEndpoint": ""
},
"GoogleSettings": {
"Enable": false,
"Secret": "",
......
[
{
"id": "April",
"translation": "April"
},
{
"id": "August",
"translation": "August"
},
{
"id": "December",
"translation": "Dezember"
},
{
"id": "February",
"translation": "Februar"
},
{
"id": "January",
"translation": "Januar"
},
{
"id": "July",
"translation": "Juli"
},
{
"id": "June",
"translation": "Juni"
},
{
"id": "March",
"translation": "März"
},
{
"id": "May",
"translation": "Mai"
},
{
"id": "November",
"translation": "November"
},
{
"id": "October",
"translation": "Oktober"
},
{
"id": "September",
"translation": "September"
},
{
"id": "actiance.export.marshalToXml.appError",
"translation": "Konnte Export nicht in XML konvertieren."
......@@ -1720,7 +1768,7 @@
},
{
"id": "api.team.set_team_icon.encode.app_error",
"translation": "Konnte Teamsymbol nicht kodieren"
"translation": "Konnte Teamsymbol nicht kodieren."
},
{
"id": "api.team.set_team_icon.get_team.app_error",
......@@ -2144,7 +2192,7 @@
},
{
"id": "api.user.get_user_by_email.permissions.app_error",
"translation": "Unable to get user by email."
"translation": "Konnte Benutzer nicht nach Mail abrufen."
},
{
"id": "api.user.ldap_to_email.not_available.app_error",
......@@ -4858,6 +4906,18 @@
"id": "plugin_api.get_file_link.no_post.app_error",
"translation": "Öffentlicher Link für Datei konnte nicht abgerufen werden. Datei muss an einen Beitrag angehängt sein, der gelesen werden kann."
},
{
"id": "plugin_api.send_mail.missing_htmlbody",
"translation": "Missing HTML Body."
},
{
"id": "plugin_api.send_mail.missing_subject",
"translation": "Missing email subject."
},
{
"id": "plugin_api.send_mail.missing_to",
"translation": "Missing TO address."
},
{
"id": "store.sql.convert_string_array",
"translation": "FromDb: Konnte StringArray nicht zu *string konvertieren"
......
......@@ -2090,6 +2090,10 @@
"id": "api.user.authorize_oauth_user.missing.app_error",
"translation": "Missing access token"
},
{
"id": "api.user.authorize_oauth_user.response.app_error",
"translation": "Received invalid response from OAuth service provider"
},
{
"id": "api.user.authorize_oauth_user.service.app_error",
"translation": "Token request to {{.Service}} failed"
......@@ -4906,6 +4910,18 @@
"id": "plugin.api.update_user_status.bad_status",
"translation": "Unable to set the user status. Unknown user status."
},
{
"id": "plugin_api.send_mail.missing_htmlbody",
"translation": "Missing HTML Body."
},
{
"id": "plugin_api.send_mail.missing_to",
"translation": "Missing TO address."
},
{
"id": "plugin_api.send_mail.missing_subject",
"translation": "Missing email subject."
},
{
"id": "store.sql_channel.remove_all_deactivated_members.app_error",
"translation": "We could not remove the deactivated users from the channel"
......
[
{
"id": "April",
"translation": "Abril"
},
{
"id": "August",
"translation": "Agosto"
},
{
"id": "December",
"translation": "Diciembre"
},
{
"id": "February",
"translation": "Febrero"
},
{
"id": "January",
"translation": "Enero"
},
{
"id": "July",
"translation": "Julio"
},
{
"id": "June",
"translation": "Junio"
},
{
"id": "March",
"translation": "Marzo"
},
{
"id": "May",
"translation": "Mayo"
},
{
"id": "November",
"translation": "Noviembre"
},
{
"id": "October",
"translation": "Octubre"
},
{
"id": "September",
"translation": "Septiembre"
},
{
"id": "actiance.export.marshalToXml.appError",
"translation": "No se puede convertir la exportación a XML."
......@@ -2144,7 +2192,7 @@
},
{
"id": "api.user.get_user_by_email.permissions.app_error",
"translation": "Unable to get user by email."
"translation": "No se pudo obtener el usuario a través del email."
},
{
"id": "api.user.ldap_to_email.not_available.app_error",
......@@ -4858,6 +4906,18 @@
"id": "plugin_api.get_file_link.no_post.app_error",
"translation": "No se puede obtener el enlace público para el archivo. El archivo debe estar adjunto a un mensaje que puede ser leído."
},
{
"id": "plugin_api.send_mail.missing_htmlbody",
"translation": "Missing HTML Body."
},
{
"id": "plugin_api.send_mail.missing_subject",
"translation": "Missing email subject."
},
{
"id": "plugin_api.send_mail.missing_to",
"translation": "Missing TO address."
},
{
"id": "store.sql.convert_string_array",
"translation": "Desde BD: No se puede convertir StringArray a *string"
......
This diff is collapsed.
[
{
"id": "April",
"translation": "Aprile"
},
{
"id": "August",
"translation": "Agosto"
},
{
"id": "December",
"translation": "Dicembre"
},
{
"id": "February",
"translation": "Febbraio"
},