From b2795825e4b8d84c81343449e082fb394813cf4d Mon Sep 17 00:00:00 2001
From: Leif Battermann <leif.battermann@wire.com>
Date: Wed, 22 May 2024 11:48:19 +0200
Subject: [PATCH] WPB-8757 Port flaky legalhold test from galley to integration
 (#4057)

---
 changelog.d/5-internal/WPB-8757               |  1 +
 integration/test/Test/LegalHold.hs            | 25 ++++++++
 .../test/integration/API/Teams/LegalHold.hs   | 62 +------------------
 3 files changed, 27 insertions(+), 61 deletions(-)
 create mode 100644 changelog.d/5-internal/WPB-8757

diff --git a/changelog.d/5-internal/WPB-8757 b/changelog.d/5-internal/WPB-8757
new file mode 100644
index 00000000000..55c87d5d8e3
--- /dev/null
+++ b/changelog.d/5-internal/WPB-8757
@@ -0,0 +1 @@
+Ported flaky legalhold test to the new integration test suite
diff --git a/integration/test/Test/LegalHold.hs b/integration/test/Test/LegalHold.hs
index 175721bf399..15104532867 100644
--- a/integration/test/Test/LegalHold.hs
+++ b/integration/test/Test/LegalHold.hs
@@ -912,3 +912,28 @@ testLHCannotCreateGroupWithUsersInConflict = do
 
     postConversation bob defProteus {qualifiedUsers = [debora, alice], newUsersRole = "wire_member", team = Just tidAlice}
       >>= assertLabel 403 "missing-legalhold-consent"
+
+testNoConsentCannotBeInvited :: HasCallStack => App ()
+testNoConsentCannotBeInvited = do
+  -- team that is legalhold whitelisted
+  (legalholder, tidLH, userLHNotActivated : _) <- createTeam OwnDomain 2
+  legalholdWhitelistTeam tidLH legalholder >>= assertStatus 200
+
+  -- team without legalhold
+  (peer, _tidPeer, peer2 : _) <- createTeam OwnDomain 2
+
+  connectUsers =<< forM [peer, userLHNotActivated] make
+  connectUsers =<< forM [peer2, userLHNotActivated] make
+
+  withMockServer lhMockApp \lhDomAndPort _chan -> do
+    postLegalHoldSettings tidLH legalholder (mkLegalHoldSettings lhDomAndPort) >>= assertStatus 201
+    cid <- postConversation userLHNotActivated defProteus {qualifiedUsers = [legalholder], newUsersRole = "wire_admin", team = Just tidLH} >>= getJSON 201
+    addMembers userLHNotActivated cid (def {users = [peer], role = Just "wire_admin"}) >>= assertSuccess
+    -- activate legalhold for legalholder
+    requestLegalHoldDevice tidLH legalholder legalholder >>= assertSuccess
+    approveLegalHoldDevice tidLH (legalholder %. "qualified_id") defPassword >>= assertSuccess
+    legalholdUserStatus tidLH legalholder legalholder `bindResponse` \resp -> do
+      resp.status `shouldMatchInt` 200
+      resp.json %. "status" `shouldMatch` "enabled"
+
+      addMembers userLHNotActivated cid (def {users = [peer2]}) >>= assertLabel 403 "missing-legalhold-consent"
diff --git a/services/galley/test/integration/API/Teams/LegalHold.hs b/services/galley/test/integration/API/Teams/LegalHold.hs
index c9a3118bcf6..57dfd9f43b0 100644
--- a/services/galley/test/integration/API/Teams/LegalHold.hs
+++ b/services/galley/test/integration/API/Teams/LegalHold.hs
@@ -31,9 +31,7 @@ import Control.Concurrent.Chan
 import Control.Lens hiding ((#))
 import Data.Id
 import Data.LegalHold
-import Data.List.NonEmpty (NonEmpty (..))
 import Data.PEM
-import Data.Qualified (Qualified (..))
 import Data.Range
 import Data.Time.Clock qualified as Time
 import Galley.Cassandra.LegalHold
@@ -42,19 +40,16 @@ import Imports
 import Network.HTTP.Types.Status (status200, status404)
 import Network.Wai as Wai
 import Network.Wai.Handler.Warp qualified as Warp
-import Network.Wai.Utilities.Error qualified as Error
 import Test.QuickCheck.Instances ()
 import Test.Tasty
 import Test.Tasty.HUnit
 import TestHelpers
 import TestSetup
 import Wire.API.Connection qualified as Conn
-import Wire.API.Conversation.Role (roleNameWireAdmin)
 import Wire.API.Provider.Service
 import Wire.API.Routes.Internal.Brig.Connection
 import Wire.API.Team.LegalHold
 import Wire.API.Team.Member
-import Wire.API.Team.Member qualified as Team
 import Wire.API.Team.Permission
 import Wire.API.Team.Role
 import Wire.API.User.Client
@@ -79,19 +74,7 @@ testsPublic s =
           GET /team/{tid}/members - show legal hold status of all members
 
       -}
-      testGroup
-        "settings.legalholdEnabledTeams" -- FUTUREWORK: ungroup this level
-        [ testGroup -- FUTUREWORK: ungroup this level
-            "teams listed"
-            [ testGroup
-                "Users are invited to a group conversation."
-                [ testGroup
-                    "The group conversation contains legalhold activated users."
-                    [testOnlyIfLhWhitelisted s "If any user in the invite has not given consent then the invite fails" testNoConsentCannotBeInvited]
-                ],
-              test s "bench hack" testBenchHack
-            ]
-        ]
+      test s "settings.legalholdEnabledTeams teams liested bench hack" testBenchHack
     ]
 
 testsInternal :: IO TestSetup -> TestTree
@@ -273,49 +256,6 @@ testCannotCreateLegalHoldDeviceOldAPI = do
 data GroupConvInvCase = InviteOnlyConsenters | InviteAlsoNonConsenters
   deriving (Show, Eq, Ord, Bounded, Enum)
 
-testNoConsentCannotBeInvited :: HasCallStack => TestM ()
-testNoConsentCannotBeInvited = do
-  localDomain <- viewFederationDomain
-  -- team that is legalhold whitelisted
-  (legalholder :: UserId, tid) <- createBindingTeam
-  userLHNotActivated <- (^. Team.userId) <$> addUserToTeam legalholder tid
-  putLHWhitelistTeam tid !!! const 200 === statusCode
-
-  -- team without legalhold
-  (peer :: UserId, teamPeer) <- createBindingTeam
-  let qpeer = Qualified peer localDomain
-  peer2 <- (^. Team.userId) <$> addUserToTeam peer teamPeer
-  let qpeer2 = Qualified peer2 localDomain
-
-  do
-    postConnection userLHNotActivated peer !!! const 201 === statusCode
-    void $ putConnection peer userLHNotActivated Conn.Accepted <!! const 200 === statusCode
-
-    postConnection userLHNotActivated peer2 !!! const 201 === statusCode
-    void $ putConnection peer2 userLHNotActivated Conn.Accepted <!! const 200 === statusCode
-
-  withDummyTestServiceForTeam legalholder tid $ \_chan -> do
-    convId <- createTeamConvWithRole userLHNotActivated tid [legalholder] (Just "corp + us") Nothing Nothing roleNameWireAdmin
-    let qconvId = Qualified convId localDomain
-
-    API.Util.postMembers userLHNotActivated (pure qpeer) qconvId
-      !!! const 200 === statusCode
-
-    -- activate legalhold for legalholder
-    do
-      galley <- viewGalley
-      requestLegalHoldDevice legalholder legalholder tid !!! testResponse 201 Nothing
-      approveLegalHoldDevice (Just defPassword) legalholder legalholder tid !!! testResponse 200 Nothing
-      UserLegalHoldStatusResponse userStatus _ _ <- getUserStatusTyped' galley legalholder tid
-      liftIO $ assertEqual "approving should change status" UserLegalHoldEnabled userStatus
-
-    API.Util.postMembers userLHNotActivated (pure qpeer2) qconvId
-      >>= errWith 403 (\err -> Error.label err == "missing-legalhold-consent")
-
-    localdomain <- viewFederationDomain
-    API.Util.postQualifiedMembers userLHNotActivated (Qualified peer2 localdomain :| []) qconvId
-      >>= errWith 403 (\err -> Error.label err == "missing-legalhold-consent")
-
 testBenchHack :: HasCallStack => TestM ()
 testBenchHack = do
   {- representative sample run on an old laptop: