server/tests/api/check-params/users.js

   1 'use strict'
   2
   3 const request = require('supertest')
   4 const series = require('async/series')
   5
   6 const loginUtils = require('../../utils/login')
   7 const requestsUtils = require('../../utils/requests')
   8 const serversUtils = require('../../utils/servers')
   9 const usersUtils = require('../../utils/users')
  10
  11 describe('Test users API validators', function () {
  12   const path = '/api/v1/users/'
  13   let userId = null
  14   let rootId = null
  15   let server = null
  16   let userAccessToken = null
  17
  18   // ---------------------------------------------------------------
  19
  20   before(function (done) {
  21     this.timeout(20000)
  22
  23     series([
  24       function (next) {
  25         serversUtils.flushTests(next)
  26       },
  27       function (next) {
  28         serversUtils.runServer(1, function (server1) {
  29           server = server1
  30
  31           next()
  32         })
  33       },
  34       function (next) {
  35         loginUtils.loginAndGetAccessToken(server, function (err, token) {
  36           if (err) throw err
  37           server.accessToken = token
  38
  39           next()
  40         })
  41       },
  42       function (next) {
  43         const username = 'user1'
  44         const password = 'my super password'
  45
  46         usersUtils.createUser(server.url, server.accessToken, username, password, next)
  47       },
  48       function (next) {
  49         const user = {
  50           username: 'user1',
  51           password: 'my super password'
  52         }
  53
  54         loginUtils.getUserAccessToken(server, user, function (err, accessToken) {
  55           if (err) throw err
  56
  57           userAccessToken = accessToken
  58
  59           next()
  60         })
  61       }
  62     ], done)
  63   })
  64
  65   describe('When listing users', function () {
  66     it('Should fail with a bad start pagination', function (done) {
  67       request(server.url)
  68         .get(path)
  69         .query({ start: 'hello' })
  70         .set('Accept', 'application/json')
  71         .expect(400, done)
  72     })
  73
  74     it('Should fail with a bad count pagination', function (done) {
  75       request(server.url)
  76         .get(path)
  77         .query({ count: 'hello' })
  78         .set('Accept', 'application/json')
  79         .expect(400, done)
  80     })
  81
  82     it('Should fail with an incorrect sort', function (done) {
  83       request(server.url)
  84         .get(path)
  85         .query({ sort: 'hello' })
  86         .set('Accept', 'application/json')
  87         .expect(400, done)
  88     })
  89   })
  90
  91   describe('When adding a new user', function () {
  92     it('Should fail with a too small username', function (done) {
  93       const data = {
  94         username: 'ji',
  95         password: 'mysuperpassword'
  96       }
  97
  98       requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
  99     })
 100
 101     it('Should fail with a too long username', function (done) {
 102       const data = {
 103         username: 'mysuperusernamewhichisverylong',
 104         password: 'mysuperpassword'
 105       }
 106
 107       requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
 108     })
 109
 110     it('Should fail with an incorrect username', function (done) {
 111       const data = {
 112         username: 'my username',
 113         password: 'mysuperpassword'
 114       }
 115
 116       requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
 117     })
 118
 119     it('Should fail with a too small password', function (done) {
 120       const data = {
 121         username: 'myusername',
 122         password: 'bla'
 123       }
 124
 125       requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
 126     })
 127
 128     it('Should fail with a too long password', function (done) {
 129       const data = {
 130         username: 'myusername',
 131         password: 'my super long password which is very very very very very very very very very very very very very very' +
 132                   'very very very very very very very very very very very very very very very veryv very very very very' +
 133                   'very very very very very very very very very very very very very very very very very very very very long'
 134       }
 135
 136       requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
 137     })
 138
 139     it('Should fail with an non authenticated user', function (done) {
 140       const data = {
 141         username: 'myusername',
 142         password: 'my super password'
 143       }
 144
 145       requestsUtils.makePostBodyRequest(server.url, path, 'super token', data, done, 401)
 146     })
 147
 148     it('Should fail if we add a user with the same username', function (done) {
 149       const data = {
 150         username: 'user1',
 151         password: 'my super password'
 152       }
 153
 154       requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
 155     })
 156
 157     it('Should succeed with the correct params', function (done) {
 158       const data = {
 159         username: 'user2',
 160         password: 'my super password'
 161       }
 162
 163       requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
 164     })
 165
 166     it('Should fail with a non admin user', function (done) {
 167       server.user = {
 168         username: 'user1',
 169         password: 'my super password'
 170       }
 171
 172       loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
 173         if (err) throw err
 174
 175         userAccessToken = accessToken
 176
 177         const data = {
 178           username: 'user3',
 179           password: 'my super password'
 180         }
 181
 182         requestsUtils.makePostBodyRequest(server.url, path, userAccessToken, data, done, 403)
 183       })
 184     })
 185   })
 186
 187   describe('When updating a user', function () {
 188     before(function (done) {
 189       usersUtils.getUsersList(server.url, function (err, res) {
 190         if (err) throw err
 191
 192         userId = res.body.data[1].id
 193         rootId = res.body.data[2].id
 194         done()
 195       })
 196     })
 197
 198     it('Should fail with a too small password', function (done) {
 199       const data = {
 200         password: 'bla'
 201       }
 202
 203       requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
 204     })
 205
 206     it('Should fail with a too long password', function (done) {
 207       const data = {
 208         password: 'my super long password which is very very very very very very very very very very very very very very' +
 209                   'very very very very very very very very very very very very very very very veryv very very very very' +
 210                   'very very very very very very very very very very very very very very very very very very very very long'
 211       }
 212
 213       requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
 214     })
 215
 216     it('Should fail with an non authenticated user', function (done) {
 217       const data = {
 218         password: 'my super password'
 219       }
 220
 221       requestsUtils.makePutBodyRequest(server.url, path + userId, 'super token', data, done, 401)
 222     })
 223
 224     it('Should succeed with the correct params', function (done) {
 225       const data = {
 226         password: 'my super password'
 227       }
 228
 229       requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done, 204)
 230     })
 231   })
 232
 233   describe('When getting my information', function () {
 234     it('Should fail with a non authenticated user', function (done) {
 235       request(server.url)
 236         .get(path + 'me')
 237         .set('Authorization', 'Bearer faketoken')
 238         .set('Accept', 'application/json')
 239         .expect(401, done)
 240     })
 241
 242     it('Should success with the correct parameters', function (done) {
 243       request(server.url)
 244         .get(path + 'me')
 245         .set('Authorization', 'Bearer ' + userAccessToken)
 246         .set('Accept', 'application/json')
 247         .expect(200, done)
 248     })
 249   })
 250
 251   describe('When removing an user', function () {
 252     it('Should fail with an incorrect id', function (done) {
 253       request(server.url)
 254         .delete(path + 'bla-bla')
 255         .set('Authorization', 'Bearer ' + server.accessToken)
 256         .expect(400, done)
 257     })
 258
 259     it('Should fail with the root user', function (done) {
 260       request(server.url)
 261         .delete(path + rootId)
 262         .set('Authorization', 'Bearer ' + server.accessToken)
 263         .expect(400, done)
 264     })
 265
 266     it('Should return 404 with a non existing id', function (done) {
 267       request(server.url)
 268         .delete(path + '45')
 269         .set('Authorization', 'Bearer ' + server.accessToken)
 270         .expect(404, done)
 271     })
 272   })
 273
 274   after(function (done) {
 275     process.kill(-server.app.pid)
 276
 277     // Keep the logs if the test failed
 278     if (this.ok) {
 279       serversUtils.flushTests(done)
 280     } else {
 281       done()
 282     }
 283   })
 284 })