[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.js

'use strict'

const request = require('supertest')
const series = require('async/series')

const loginUtils = require('../../utils/login')
const requestsUtils = require('../../utils/requests')
const serversUtils = require('../../utils/servers')
const usersUtils = require('../../utils/users')

describe('Test users API validators', function () {
  const path = '/api/v1/users/'
  let userId = null
  let rootId = null
  let server = null
  let userAccessToken = null

  // ---------------------------------------------------------------

  before(function (done) {
    this.timeout(20000)

    series([
      function (next) {
        serversUtils.flushTests(next)
      },
      function (next) {
        serversUtils.runServer(1, function (server1) {
          server = server1

          next()
        })
      },
      function (next) {
        loginUtils.loginAndGetAccessToken(server, function (err, token) {
          if (err) throw err
          server.accessToken = token

          next()
        })
      },
      function (next) {
        const username = 'user1'
        const password = 'my super password'

        usersUtils.createUser(server.url, server.accessToken, username, password, next)
      },
      function (next) {
        const user = {
          username: 'user1',
          password: 'my super password'
        }

        loginUtils.getUserAccessToken(server, user, function (err, accessToken) {
          if (err) throw err

          userAccessToken = accessToken

          next()
        })
      }
    ], done)
  })

  describe('When listing users', function () {
    it('Should fail with a bad start pagination', function (done) {
      request(server.url)
        .get(path)
        .query({ start: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with a bad count pagination', function (done) {
      request(server.url)
        .get(path)
        .query({ count: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with an incorrect sort', function (done) {
      request(server.url)
        .get(path)
        .query({ sort: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })
  })

  describe('When adding a new user', function () {
    it('Should fail with a too small username', function (done) {
      const data = {
        username: 'ji',
        email: 'test@example.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with a too long username', function (done) {
      const data = {
        username: 'mysuperusernamewhichisverylong',
        email: 'test@example.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with an incorrect username', function (done) {
      const data = {
        username: 'my username',
        email: 'test@example.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with a missing email', function (done) {
      const data = {
        username: 'ji',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with an invalid email', function (done) {
      const data = {
        username: 'mysuperusernamewhichisverylong',
        email: 'testexample.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with a too small password', function (done) {
      const data = {
        username: 'myusername',
        email: 'test@example.com',
        password: 'bla'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with a too long password', function (done) {
      const data = {
        username: 'myusername',
        email: 'test@example.com',
        password: 'my super long password which is very very very very very very very very very very very very very very' +
                  'very very very very very very very very very very very very very very very veryv very very very very' +
                  'very very very very very very very very very very very very very very very very very very very very long'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with an non authenticated user', function (done) {
      const data = {
        username: 'myusername',
        email: 'test@example.com',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, path, 'super token', data, done, 401)
    })

    it('Should fail if we add a user with the same username', function (done) {
      const data = {
        username: 'user1',
        email: 'test@example.com',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
    })

    it('Should fail if we add a user with the same email', function (done) {
      const data = {
        username: 'myusername',
        email: 'user1@example.com',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
    })

    it('Should succeed with the correct params', function (done) {
      const data = {
        username: 'user2',
        email: 'test@example.com',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
    })

    it('Should fail with a non admin user', function (done) {
      server.user = {
        username: 'user1',
        email: 'test@example.com',
        password: 'my super password'
      }

      loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
        if (err) throw err

        userAccessToken = accessToken

        const data = {
          username: 'user3',
          email: 'test@example.com',
          password: 'my super password'
        }

        requestsUtils.makePostBodyRequest(server.url, path, userAccessToken, data, done, 403)
      })
    })
  })

  describe('When updating a user', function () {
    before(function (done) {
      usersUtils.getUsersList(server.url, function (err, res) {
        if (err) throw err

        userId = res.body.data[1].id
        rootId = res.body.data[2].id
        done()
      })
    })

    it('Should fail with a too small password', function (done) {
      const data = {
        password: 'bla'
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
    })

    it('Should fail with a too long password', function (done) {
      const data = {
        password: 'my super long password which is very very very very very very very very very very very very very very' +
                  'very very very very very very very very very very very very very very very veryv very very very very' +
                  'very very very very very very very very very very very very very very very very very very very very long'
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
    })

    it('Should fail with an non authenticated user', function (done) {
      const data = {
        password: 'my super password'
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, 'super token', data, done, 401)
    })

    it('Should succeed with the correct params', function (done) {
      const data = {
        password: 'my super password'
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done, 204)
    })
  })

  describe('When getting my information', function () {
    it('Should fail with a non authenticated user', function (done) {
      request(server.url)
        .get(path + 'me')
        .set('Authorization', 'Bearer faketoken')
        .set('Accept', 'application/json')
        .expect(401, done)
    })

    it('Should success with the correct parameters', function (done) {
      request(server.url)
        .get(path + 'me')
        .set('Authorization', 'Bearer ' + userAccessToken)
        .set('Accept', 'application/json')
        .expect(200, done)
    })
  })

  describe('When removing an user', function () {
    it('Should fail with an incorrect id', function (done) {
      request(server.url)
        .delete(path + 'bla-bla')
        .set('Authorization', 'Bearer ' + server.accessToken)
        .expect(400, done)
    })

    it('Should fail with the root user', function (done) {
      request(server.url)
        .delete(path + rootId)
        .set('Authorization', 'Bearer ' + server.accessToken)
        .expect(400, done)
    })

    it('Should return 404 with a non existing id', function (done) {
      request(server.url)
        .delete(path + '45')
        .set('Authorization', 'Bearer ' + server.accessToken)
        .expect(404, done)
    })
  })

  after(function (done) {
    process.kill(-server.app.pid)

    // Keep the logs if the test failed
    if (this.ok) {
      serversUtils.flushTests(done)
    } else {
      done()
    }
  })
})
Commit	Line	Data
efe923bc C	1	'use strict'
	2
	3	const request = require('supertest')
	4	const series = require('async/series')
	5
	6	const loginUtils = require('../../utils/login')
	7	const requestsUtils = require('../../utils/requests')
	8	const serversUtils = require('../../utils/servers')
	9	const usersUtils = require('../../utils/users')
	10
	11	describe('Test users API validators', function () {
	12	const path = '/api/v1/users/'
	13	let userId = null
	14	let rootId = null
	15	let server = null
	16	let userAccessToken = null
	17
	18	// ---------------------------------------------------------------
	19
	20	before(function (done) {
	21	this.timeout(20000)
	22
	23	series([
	24	function (next) {
	25	serversUtils.flushTests(next)
	26	},
	27	function (next) {
	28	serversUtils.runServer(1, function (server1) {
	29	server = server1
	30
	31	next()
	32	})
	33	},
	34	function (next) {
	35	loginUtils.loginAndGetAccessToken(server, function (err, token) {
	36	if (err) throw err
	37	server.accessToken = token
	38
	39	next()
	40	})
	41	},
	42	function (next) {
	43	const username = 'user1'
	44	const password = 'my super password'
	45
	46	usersUtils.createUser(server.url, server.accessToken, username, password, next)
	47	},
	48	function (next) {
	49	const user = {
	50	username: 'user1',
	51	password: 'my super password'
	52	}
	53
	54	loginUtils.getUserAccessToken(server, user, function (err, accessToken) {
	55	if (err) throw err
	56
	57	userAccessToken = accessToken
	58
	59	next()
	60	})
	61	}
	62	], done)
	63	})
	64
65	describe('When listing users', function () {
66	it('Should fail with a bad start pagination', function (done) {
67	request(server.url)
68	.get(path)
69	.query({ start: 'hello' })
70	.set('Accept', 'application/json')
71	.expect(400, done)
72	})
73
74	it('Should fail with a bad count pagination', function (done) {
75	request(server.url)
76	.get(path)
77	.query({ count: 'hello' })
78	.set('Accept', 'application/json')
79	.expect(400, done)
80	})
81
82	it('Should fail with an incorrect sort', function (done) {
83	request(server.url)
84	.get(path)
85	.query({ sort: 'hello' })
86	.set('Accept', 'application/json')
87	.expect(400, done)
88	})
89	})
90
91	describe('When adding a new user', function () {
92	it('Should fail with a too small username', function (done) {
93	const data = {
94	username: 'ji',
ad4a8a1c	95	email: 'test@example.com',
efe923bc C	96	password: 'mysuperpassword'
	97	}
	98
	99	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	100	})
	101
	102	it('Should fail with a too long username', function (done) {
	103	const data = {
	104	username: 'mysuperusernamewhichisverylong',
ad4a8a1c	105	email: 'test@example.com',
efe923bc C	106	password: 'mysuperpassword'
	107	}
	108
	109	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	110	})
	111
	112	it('Should fail with an incorrect username', function (done) {
	113	const data = {
	114	username: 'my username',
ad4a8a1c C	115	email: 'test@example.com',
	116	password: 'mysuperpassword'
	117	}
	118
	119	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	120	})
	121
	122	it('Should fail with a missing email', function (done) {
	123	const data = {
	124	username: 'ji',
	125	password: 'mysuperpassword'
	126	}
	127
	128	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	129	})
	130
	131	it('Should fail with an invalid email', function (done) {
	132	const data = {
	133	username: 'mysuperusernamewhichisverylong',
	134	email: 'testexample.com',
efe923bc C	135	password: 'mysuperpassword'
	136	}
	137
	138	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	139	})
	140
	141	it('Should fail with a too small password', function (done) {
	142	const data = {
	143	username: 'myusername',
ad4a8a1c	144	email: 'test@example.com',
efe923bc C	145	password: 'bla'
	146	}
	147
	148	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	149	})
	150
	151	it('Should fail with a too long password', function (done) {
	152	const data = {
	153	username: 'myusername',
ad4a8a1c	154	email: 'test@example.com',
efe923bc C	155	password: 'my super long password which is very very very very very very very very very very very very very very' +
	156	'very very very very very very very very very very very very very very very veryv very very very very' +
	157	'very very very very very very very very very very very very very very very very very very very very long'
	158	}
	159
	160	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	161	})
	162
	163	it('Should fail with an non authenticated user', function (done) {
	164	const data = {
	165	username: 'myusername',
ad4a8a1c	166	email: 'test@example.com',
efe923bc C	167	password: 'my super password'
	168	}
	169
	170	requestsUtils.makePostBodyRequest(server.url, path, 'super token', data, done, 401)
	171	})
	172
	173	it('Should fail if we add a user with the same username', function (done) {
	174	const data = {
	175	username: 'user1',
ad4a8a1c C	176	email: 'test@example.com',
	177	password: 'my super password'
	178	}
	179
	180	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
	181	})
	182
	183	it('Should fail if we add a user with the same email', function (done) {
	184	const data = {
	185	username: 'myusername',
	186	email: 'user1@example.com',
efe923bc C	187	password: 'my super password'
	188	}
	189
	190	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
	191	})
	192
	193	it('Should succeed with the correct params', function (done) {
	194	const data = {
	195	username: 'user2',
ad4a8a1c	196	email: 'test@example.com',
efe923bc C	197	password: 'my super password'
	198	}
	199
	200	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
	201	})
	202
	203	it('Should fail with a non admin user', function (done) {
	204	server.user = {
	205	username: 'user1',
ad4a8a1c	206	email: 'test@example.com',
efe923bc C	207	password: 'my super password'
	208	}
	209
	210	loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
	211	if (err) throw err
	212
	213	userAccessToken = accessToken
	214
	215	const data = {
	216	username: 'user3',
ad4a8a1c	217	email: 'test@example.com',
efe923bc C	218	password: 'my super password'
	219	}
	220
	221	requestsUtils.makePostBodyRequest(server.url, path, userAccessToken, data, done, 403)
	222	})
	223	})
	224	})
	225
	226	describe('When updating a user', function () {
	227	before(function (done) {
	228	usersUtils.getUsersList(server.url, function (err, res) {
	229	if (err) throw err
	230
	231	userId = res.body.data[1].id
	232	rootId = res.body.data[2].id
	233	done()
	234	})
	235	})
	236
	237	it('Should fail with a too small password', function (done) {
	238	const data = {
	239	password: 'bla'
	240	}
	241
	242	requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
	243	})
	244
	245	it('Should fail with a too long password', function (done) {
	246	const data = {
	247	password: 'my super long password which is very very very very very very very very very very very very very very' +
	248	'very very very very very very very very very very very very very very very veryv very very very very' +
	249	'very very very very very very very very very very very very very very very very very very very very long'
	250	}
	251
	252	requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
	253	})
	254
	255	it('Should fail with an non authenticated user', function (done) {
	256	const data = {
	257	password: 'my super password'
	258	}
	259
	260	requestsUtils.makePutBodyRequest(server.url, path + userId, 'super token', data, done, 401)
	261	})
	262
	263	it('Should succeed with the correct params', function (done) {
	264	const data = {
	265	password: 'my super password'
	266	}
	267
	268	requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done, 204)
	269	})
	270	})
	271
	272	describe('When getting my information', function () {
	273	it('Should fail with a non authenticated user', function (done) {
	274	request(server.url)
	275	.get(path + 'me')
	276	.set('Authorization', 'Bearer faketoken')
	277	.set('Accept', 'application/json')
	278	.expect(401, done)
	279	})
	280
	281	it('Should success with the correct parameters', function (done) {
282	request(server.url)
283	.get(path + 'me')
284	.set('Authorization', 'Bearer ' + userAccessToken)
285	.set('Accept', 'application/json')
286	.expect(200, done)
287	})
288	})
289
290	describe('When removing an user', function () {
291	it('Should fail with an incorrect id', function (done) {
292	request(server.url)
293	.delete(path + 'bla-bla')
294	.set('Authorization', 'Bearer ' + server.accessToken)
295	.expect(400, done)
296	})
297
298	it('Should fail with the root user', function (done) {
299	request(server.url)
300	.delete(path + rootId)
301	.set('Authorization', 'Bearer ' + server.accessToken)
302	.expect(400, done)
303	})
304
305	it('Should return 404 with a non existing id', function (done) {
306	request(server.url)
307	.delete(path + '45')
308	.set('Authorization', 'Bearer ' + server.accessToken)
309	.expect(404, done)
310	})
311	})
312
313	after(function (done) {
314	process.kill(-server.app.pid)
315
316	// Keep the logs if the test failed
317	if (this.ok) {
318	serversUtils.flushTests(done)
319	} else {
320	done()
321	}
322	})
323	})