MM-27230 Cypress/E2E: Automate backlogs - BOT Accounts - Part 07 (10 …

…test cases) (mattermost#7040) Co-authored-by: Saturnino Abril <[email protected]> Co-authored-by: Prapti <[email protected]> Co-authored-by: Mattermod <[email protected]>
koox00 · Dec 31, 2020 · af35957 · af35957
1 parent 24ccba7
commit af35957
Show file tree

Hide file tree

Showing 2 changed files with 240 additions and 4 deletions.
diff --git a/e2e/cypress/integration/bot_accounts/bot_api_spec.js b/e2e/cypress/integration/bot_accounts/bot_api_spec.js
@@ -17,9 +17,11 @@ describe('Bot accounts ownership and API', () => {
  let newUser;
  let newChannel;
  let newBot;
-
+ let adminUser;
  beforeEach(() => {
- cy.apiAdminLogin();
+ cy.apiAdminLogin().then(({user}) => {
+ adminUser = user;
+ });
 
  cy.apiInitSetup().then(({team, user, channel}) => {
  newTeam = team;
@@ -32,6 +34,7 @@ describe('Bot accounts ownership and API', () => {
  // # Set ServiceSettings to expected values
  const newSettings = {
  ServiceSettings: {
+ EnforceMultifactorAuthentication: false,
  EnableBotAccountCreation: true,
  },
  };
@@ -246,4 +249,235 @@ describe('Bot accounts ownership and API', () => {
  });
  });
  });
+ it('MM-T1872 Bot can post to DM channel', () => {
+ // # Create DM channel that bot doesn't belong to
+ cy.apiCreateDirectChannel([newUser.id, adminUser.id]).then(({channel}) => {
+ // # Create token for the bot
+ cy.apiAccessToken(newBot.user_id, 'some text').then(({token}) => {
+ const msg1 = 'this is a bot message ' + botName;
+
+ // # Post test message
+ cy.postBotMessage({message: msg1, token, channelId: channel.id});
+
+ // # Validate post presence
+ cy.visit(`/${newTeam.name}/channels/` + channel.name);
+
+ cy.getLastPostId().then((postId) => {
+ // * Validate post was created
+ cy.get(`#postMessageText_${postId}`, {timeout: TIMEOUTS.ONE_MIN}).should('contain', msg1);
+ });
+ });
+ });
+ });
+
+ it('MM-T1874 Bots can post when MFA is enforced', () => {
+ // # Create token for the bot
+ cy.apiAccessToken(newBot.user_id, 'some text').then(({token}) => {
+ const msg1 = 'this is a bot message ' + botName;
+ cy.postBotMessage({channelId: newChannel.id, message: msg1, props: {attachments: [{pretext: 'Look some text', text: 'This is text'}]}, token});
+
+ // # Visit test channel
+ cy.visit(`/${newTeam.name}/channels/` + newChannel.name);
+
+ // * Validate post was created
+ cy.findByText(msg1).should('be.visible');
+
+ const newSettings = {
+ ServiceSettings: {
+ EnforceMultifactorAuthentication: true,
+ },
+ };
+ cy.apiUpdateConfig(newSettings);
+
+ const msg2 = 'this is a bot message2 ' + botName;
+ cy.postBotMessage({channelId: newChannel.id, message: msg2, props: {attachments: [{pretext: 'Look some text', text: 'This is text'}]}, token});
+
+ cy.visit(`/${newTeam.name}/channels/` + newChannel.name);
+
+ // * Validate post was created
+ cy.findByText(msg2).should('be.visible');
+ });
+ });
+
+ it('MM-T1875 A bot cannot create another bot', () => {
+ // # Create token for the bot
+ cy.apiAccessToken(newBot.user_id, 'some text').then(({token}) => {
+ // # Logout to allow posting as bot
+ cy.apiLogout();
+
+ // # Try to create a new bot
+ cy.request({
+ headers: {'X-Requested-With': 'XMLHttpRequest', Authorization: `Bearer ${token}`},
+ url: '/api/v4/bots',
+ method: 'POST',
+ failOnStatusCode: false,
+ body: {
+ username: botName + '333',
+ display_name: 'some text',
+ description: 'some text',
+ },
+ }).then((response) => {
+ // * Validate that request was denied
+ expect(response.status).to.equal(403);
+ });
+ });
+ });
+
+ it('MM-T1877 Reactivate a deactivated bot', () => {
+ // # Create private channel that bot doesn't belong to
+ cy.apiCreateDirectChannel([newUser.id, adminUser.id]).then(({channel}) => {
+ // # Create token for the bot
+ cy.apiAccessToken(newBot.user_id, 'some text').then(({token}) => {
+ const msg1 = 'this is a bot message ' + botName;
+
+ // # Create a post
+ cy.postBotMessage({channelId: channel.id, message: msg1, token});
+
+ cy.visit(`/${newTeam.name}/channels/` + channel.name);
+
+ cy.getLastPostId().then((postId) => {
+ // * Validate post was created
+ cy.get(`#postMessageText_${postId}`, {timeout: TIMEOUTS.ONE_MIN}).should('contain', msg1);
+ });
+
+ // # Disable the bot
+ cy.visit(`/${newTeam.name}/integrations/bots`);
+
+ cy.findByText(`Test Bot (@${botName})`).scrollIntoView().parent().findByText('Disable').click();
+
+ // # Try to post again
+ const msg2 = 'this is a bot message2 ' + botName;
+
+ // # Logout to allow posting as bot
+ cy.apiLogout();
+
+ // # Create a post
+ cy.postBotMessage({channelId: channel.id, message: msg2, token, failOnStatus: false}).then(({status}) => {
+ // * Validate that posting failed
+ expect(status, 403);
+ });
+
+ cy.apiAdminLogin();
+
+ // # Enable the bot again
+ cy.visit(`/${newTeam.name}/integrations/bots`);
+ cy.findByText(`Test Bot (@${botName})`).scrollIntoView().parent().findByText('Enable').click();
+
+ // # Try to post again
+
+ // * Validate that posting works
+ cy.postBotMessage({channelId: channel.id, message: msg2, token});
+
+ // * Validate post presence
+ cy.visit(`/${newTeam.name}/channels/` + channel.name);
+
+ cy.getLastPostId().then((postId) => {
+ // * Validate post was created
+ cy.get(`#postMessageText_${postId}`, {timeout: TIMEOUTS.ONE_MIN}).should('contain', msg2);
+ });
+ });
+ });
+ });
+
+ it('MM-T1878 Disable token can not be used to post', () => {
+ // # Create DM channel that bot doesn't belong to
+ cy.apiCreateDirectChannel([newUser.id, adminUser.id]).then(({channel}) => {
+ // # Create token for the bot
+ cy.apiAccessToken(newBot.user_id, 'some text').then(({token, id}) => {
+ const msg1 = 'this is a bot message ' + botName;
+
+ // # Create a post
+ cy.postBotMessage({channelId: channel.id, message: msg1, token});
+
+ // # Validate post presence
+ cy.visit(`/${newTeam.name}/channels/` + channel.name);
+
+ cy.getLastPostId().then((postId) => {
+ // * Validate post was created
+ cy.get(`#postMessageText_${postId}`, {timeout: TIMEOUTS.ONE_MIN}).should('contain', msg1);
+ });
+
+ // # Disable the bot token
+ cy.visit(`/${newTeam.name}/integrations/bots`);
+
+ cy.findByText(`Test Bot (@${botName})`).then((el) => {
+ // # Make sure it's on the screen
+ cy.wrap(el[0].parentElement.parentElement).scrollIntoView();
+ cy.get(`[name="${id}_deactivate"]`).click();
+ });
+
+ // # Try to post again
+ const msg2 = 'this is a bot message2 ' + botName;
+
+ // # Create a post
+ cy.postBotMessage({channelId: channel.id, message: msg2, token, failOnStatus: false}).then(({status}) => {
+ // * Validate that posting failed
+ expect(status, 403);
+ });
+
+ // # Enable the bot token again
+ cy.visit(`/${newTeam.name}/integrations/bots`);
+
+ cy.findByText(`Test Bot (@${botName})`).then((el) => {
+ // # Make sure it's on the screen
+ cy.wrap(el[0].parentElement.parentElement).scrollIntoView();
+ cy.get(`[name="${id}_activate"]`).click();
+ });
+
+ // # Try to post again
+ // * Validate that posting works
+ cy.postBotMessage({channelId: channel.id, message: msg2, token});
+
+ // # Validate post presence
+ cy.visit(`/${newTeam.name}/channels/` + channel.name);
+
+ cy.getLastPostId().then((postId) => {
+ // * Validate post was created
+ cy.get(`#postMessageText_${postId}`, {timeout: TIMEOUTS.ONE_MIN}).should('contain', msg2);
+ });
+ });
+ });
+ });
+
+ it('MM-T1880 Deleted token can not be used to post', () => {
+ // # Create private channel that bot doesn't belong to
+ cy.apiCreateDirectChannel([newUser.id, adminUser.id]).then(({channel}) => {
+ // # Create token for the bot
+ cy.apiAccessToken(newBot.user_id, 'some text').then(({token, id}) => {
+ const msg1 = 'this is a bot message ' + botName;
+
+ // # Create a post
+ cy.postBotMessage({channelId: channel.id, message: msg1, token});
+
+ // # Validate post presence
+ cy.visit(`/${newTeam.name}/channels/` + channel.name);
+
+ cy.getLastPostId().then((postId) => {
+ // * Validate post was created
+ cy.get(`#postMessageText_${postId}`, {timeout: TIMEOUTS.ONE_MIN}).should('contain', msg1);
+ });
+
+ // # Disable the bot token
+ cy.visit(`/${newTeam.name}/integrations/bots`);
+
+ cy.findByText(`Test Bot (@${botName})`).then((el) => {
+ // # Make sure it's on the screen
+ cy.wrap(el[0].parentElement.parentElement).scrollIntoView();
+
+ // # Delete token
+ cy.get(`[name="${id}_delete"]`).click();
+ cy.get('#confirmModalButton').click();
+
+ // # Try to post again
+ const msg2 = 'this is a bot message2 ' + botName;
+
+ // # Create a post
+ cy.postBotMessage({channelId: channel.id, message: msg2, token, failOnStatus: false}).then(({status}) => {
+ // * Validate that posting failed
+ expect(status, 403);
+ });
+ });
+ });
+ });
+ });
 });
diff --git a/e2e/cypress/support/task_commands.js b/e2e/cypress/support/task_commands.js
@@ -93,11 +93,13 @@ Cypress.Commands.add('externalRequest', ({user, method, path, data}) => {
 * @param {String} message - message in a post
 * @param {Object} channelId - where a post will be posted
 */
-Cypress.Commands.add('postBotMessage', ({token, message, props, channelId, rootId, createAt}) => {
+Cypress.Commands.add('postBotMessage', ({token, message, props, channelId, rootId, createAt, failOnStatus = true}) => {
  const baseUrl = Cypress.config('baseUrl');
 
  return cy.task('postBotMessage', {token, message, props, channelId, rootId, createAt, baseUrl}).then(({status, data}) => {
- expect(status).to.equal(201);
+ if (failOnStatus) {
+ expect(status).to.equal(201);
+ }
 
  // # Return the data so it can be interacted in a test
  return cy.wrap({id: data.id, status, data});