initial commit
This commit is contained in:
Hampus Kraft
220
tests/integration/message_read_history_permissions_test.go
Normal file
220
tests/integration/message_read_history_permissions_test.go
Normal file
@@ -0,0 +1,220 @@
|
||||
/*
|
||||
* Copyright (C) 2026 Fluxer Contributors
|
||||
*
|
||||
* This file is part of Fluxer.
|
||||
*
|
||||
* Fluxer is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Fluxer is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package integration
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestMessageReadHistoryPermissions(t *testing.T) {
|
||||
client := newTestClient(t)
|
||||
owner := createTestAccount(t, client)
|
||||
member := createTestAccount(t, client)
|
||||
ensureSessionStarted(t, client, owner.Token)
|
||||
ensureSessionStarted(t, client, member.Token)
|
||||
|
||||
guild := createGuild(t, client, owner.Token, "Read History Guild")
|
||||
channelID := parseSnowflake(t, guild.SystemChannel)
|
||||
|
||||
invite := createChannelInvite(t, client, owner.Token, channelID)
|
||||
resp, err := client.postJSONWithAuth(fmt.Sprintf("/invites/%s", invite.Code), nil, member.Token)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to accept invite: %v", err)
|
||||
}
|
||||
assertStatus(t, resp, http.StatusOK)
|
||||
resp.Body.Close()
|
||||
|
||||
message := sendChannelMessage(t, client, owner.Token, channelID, "root message")
|
||||
messageID := parseSnowflake(t, message.ID)
|
||||
|
||||
setReadHistoryDenied := func(deny bool) {
|
||||
if deny {
|
||||
resp, err = client.requestJSON(
|
||||
http.MethodPut,
|
||||
fmt.Sprintf("/channels/%d/permissions/%s", channelID, member.UserID),
|
||||
map[string]any{
|
||||
"type": 1,
|
||||
"deny": fmt.Sprintf("%d", int64(1<<16)),
|
||||
},
|
||||
owner.Token,
|
||||
)
|
||||
} else {
|
||||
resp, err = client.delete(
|
||||
fmt.Sprintf("/channels/%d/permissions/%s", channelID, member.UserID),
|
||||
owner.Token,
|
||||
)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
t.Fatalf("failed to update overwrite: %v", err)
|
||||
}
|
||||
assertStatus(t, resp, http.StatusNoContent)
|
||||
resp.Body.Close()
|
||||
}
|
||||
|
||||
t.Run("list messages returns empty when missing READ_MESSAGE_HISTORY", func(t *testing.T) {
|
||||
setReadHistoryDenied(true)
|
||||
defer setReadHistoryDenied(false)
|
||||
|
||||
resp, err := client.getWithAuth(fmt.Sprintf("/channels/%d/messages", channelID), member.Token)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to get messages: %v", err)
|
||||
}
|
||||
assertStatus(t, resp, http.StatusOK)
|
||||
var messages []map[string]any
|
||||
decodeJSONResponse(t, resp, &messages)
|
||||
if len(messages) != 0 {
|
||||
t.Fatalf("expected no messages, got %d", len(messages))
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("reply requires READ_MESSAGE_HISTORY", func(t *testing.T) {
|
||||
setReadHistoryDenied(true)
|
||||
defer setReadHistoryDenied(false)
|
||||
|
||||
payload := map[string]any{
|
||||
"content": "cannot reply",
|
||||
"message_reference": map[string]any{
|
||||
"message_id": fmt.Sprintf("%d", messageID),
|
||||
},
|
||||
}
|
||||
|
||||
resp, err := client.postJSONWithAuth(fmt.Sprintf("/channels/%d/messages", channelID), payload, member.Token)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to post reply: %v", err)
|
||||
}
|
||||
if resp.StatusCode != http.StatusForbidden {
|
||||
t.Fatalf("expected 403 when missing READ_MESSAGE_HISTORY, got %d", resp.StatusCode)
|
||||
}
|
||||
resp.Body.Close()
|
||||
})
|
||||
|
||||
t.Run("cannot reply to system message", func(t *testing.T) {
|
||||
setReadHistoryDenied(false)
|
||||
|
||||
systemSource := sendChannelMessage(t, client, owner.Token, channelID, "pin me")
|
||||
sourceID := parseSnowflake(t, systemSource.ID)
|
||||
|
||||
resp, err := client.putWithAuth(fmt.Sprintf("/channels/%d/pins/%d", channelID, sourceID), owner.Token)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to pin message: %v", err)
|
||||
}
|
||||
assertStatus(t, resp, http.StatusNoContent)
|
||||
resp.Body.Close()
|
||||
|
||||
resp, err = client.getWithAuth(fmt.Sprintf("/channels/%d/messages?limit=10", channelID), owner.Token)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to fetch messages: %v", err)
|
||||
}
|
||||
assertStatus(t, resp, http.StatusOK)
|
||||
var messages []struct {
|
||||
ID string `json:"id"`
|
||||
Type int `json:"type"`
|
||||
}
|
||||
decodeJSONResponse(t, resp, &messages)
|
||||
|
||||
var systemMessageID string
|
||||
for _, m := range messages {
|
||||
if m.Type != 0 && m.Type != 19 {
|
||||
systemMessageID = m.ID
|
||||
break
|
||||
}
|
||||
}
|
||||
if systemMessageID == "" {
|
||||
t.Fatalf("failed to find system message to reply to")
|
||||
}
|
||||
|
||||
payload := map[string]any{
|
||||
"content": "no system replies",
|
||||
"message_reference": map[string]any{
|
||||
"message_id": systemMessageID,
|
||||
},
|
||||
}
|
||||
|
||||
resp, err = client.postJSONWithAuth(fmt.Sprintf("/channels/%d/messages", channelID), payload, member.Token)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to post reply: %v", err)
|
||||
}
|
||||
if resp.StatusCode != http.StatusBadRequest {
|
||||
t.Fatalf("expected 400 when replying to system message, got %d", resp.StatusCode)
|
||||
}
|
||||
resp.Body.Close()
|
||||
})
|
||||
|
||||
t.Run("adding reaction requires READ_MESSAGE_HISTORY", func(t *testing.T) {
|
||||
setReadHistoryDenied(true)
|
||||
defer setReadHistoryDenied(false)
|
||||
|
||||
resp, err := client.putWithAuth(
|
||||
fmt.Sprintf("/channels/%d/messages/%d/reactions/👍/@me", channelID, messageID),
|
||||
member.Token,
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to add reaction: %v", err)
|
||||
}
|
||||
if resp.StatusCode != http.StatusForbidden {
|
||||
t.Fatalf("expected 403 when adding reaction without READ_MESSAGE_HISTORY, got %d", resp.StatusCode)
|
||||
}
|
||||
resp.Body.Close()
|
||||
})
|
||||
|
||||
t.Run("search requires READ_MESSAGE_HISTORY", func(t *testing.T) {
|
||||
setReadHistoryDenied(true)
|
||||
defer setReadHistoryDenied(false)
|
||||
|
||||
resp, err := client.postJSONWithAuth(
|
||||
"/search/messages",
|
||||
map[string]any{
|
||||
"content": "root",
|
||||
"context_channel_id": fmt.Sprintf("%d", channelID),
|
||||
},
|
||||
member.Token,
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to search messages: %v", err)
|
||||
}
|
||||
if resp.StatusCode != http.StatusForbidden {
|
||||
t.Fatalf("expected 403 when searching without READ_MESSAGE_HISTORY, got %d", resp.StatusCode)
|
||||
}
|
||||
resp.Body.Close()
|
||||
})
|
||||
|
||||
t.Run("pins are hidden without READ_MESSAGE_HISTORY", func(t *testing.T) {
|
||||
setReadHistoryDenied(true)
|
||||
defer setReadHistoryDenied(false)
|
||||
|
||||
resp, err := client.getWithAuth(fmt.Sprintf("/channels/%d/messages/pins", channelID), member.Token)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to get pins: %v", err)
|
||||
}
|
||||
assertStatus(t, resp, http.StatusOK)
|
||||
|
||||
var pinsResponse struct {
|
||||
Items []any `json:"items"`
|
||||
HasMore bool `json:"has_more"`
|
||||
}
|
||||
decodeJSONResponse(t, resp, &pinsResponse)
|
||||
if len(pinsResponse.Items) != 0 {
|
||||
t.Fatalf("expected no pins when missing READ_MESSAGE_HISTORY, got %d", len(pinsResponse.Items))
|
||||
}
|
||||
})
|
||||
}
|
||||
Reference in New Issue
Block a user