server/tests/api/check-params/users.ts

   1 /* tslint:disable:no-unused-expression */
   2
   3 import { omit } from 'lodash'
   4 import 'mocha'
   5 import { UserRole } from '../../../../shared'
   6
   7 import {
   8   createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
   9   makePostBodyRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers, updateUser,
  10   uploadVideo, userLogin
  11 } from '../../utils'
  12 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
  13
  14 describe('Test users API validators', function () {
  15   const path = '/api/v1/users/'
  16   let userId: number
  17   let rootId: number
  18   let videoId: number
  19   let server: ServerInfo
  20   let serverWithRegistrationDisabled: ServerInfo
  21   let userAccessToken = ''
  22
  23   // ---------------------------------------------------------------
  24
  25   before(async function () {
  26     this.timeout(120000)
  27
  28     await flushTests()
  29
  30     server = await runServer(1)
  31     serverWithRegistrationDisabled = await runServer(2)
  32
  33     await setAccessTokensToServers([ server ])
  34
  35     const user = {
  36       username: 'user1',
  37       password: 'my super password'
  38     }
  39     const videoQuota = 42000000
  40     await createUser(server.url, server.accessToken, user.username, user.password, videoQuota)
  41     userAccessToken = await userLogin(server, user)
  42
  43     const res = await uploadVideo(server.url, server.accessToken, {})
  44     videoId = res.body.video.id
  45   })
  46
  47   describe('When listing users', function () {
  48     it('Should fail with a bad start pagination', async function () {
  49       await checkBadStartPagination(server.url, path, server.accessToken)
  50     })
  51
  52     it('Should fail with a bad count pagination', async function () {
  53       await checkBadCountPagination(server.url, path, server.accessToken)
  54     })
  55
  56     it('Should fail with an incorrect sort', async function () {
  57       await checkBadSortPagination(server.url, path, server.accessToken)
  58     })
  59
  60     it('Should fail with a non authenticated user', async function () {
  61       await makeGetRequest({
  62         url: server.url,
  63         path,
  64         statusCodeExpected: 401
  65       })
  66     })
  67
  68     it('Should fail with a non admin user', async function () {
  69       await makeGetRequest({
  70         url: server.url,
  71         path,
  72         token: userAccessToken,
  73         statusCodeExpected: 403
  74       })
  75     })
  76   })
  77
  78   describe('When adding a new user', function () {
  79     const baseCorrectParams = {
  80       username: 'user2',
  81       email: 'test@example.com',
  82       password: 'my super password',
  83       videoQuota: -1,
  84       role: UserRole.USER
  85     }
  86
  87     it('Should fail with a too small username', async function () {
  88       const fields = immutableAssign(baseCorrectParams, { username: 'fi' })
  89
  90       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
  91     })
  92
  93     it('Should fail with a too long username', async function () {
  94       const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
  95
  96       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
  97     })
  98
  99     it('Should fail with a not lowercase username', async function () {
 100       const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
 101
 102       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 103     })
 104
 105     it('Should fail with an incorrect username', async function () {
 106       const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
 107
 108       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 109     })
 110
 111     it('Should fail with a missing email', async function () {
 112       const fields = omit(baseCorrectParams, 'email')
 113
 114       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 115     })
 116
 117     it('Should fail with an invalid email', async function () {
 118       const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
 119
 120       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 121     })
 122
 123     it('Should fail with a too small password', async function () {
 124       const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
 125
 126       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 127     })
 128
 129     it('Should fail with a too long password', async function () {
 130       const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
 131
 132       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 133     })
 134
 135     it('Should fail with an non authenticated user', async function () {
 136       await makePostBodyRequest({
 137         url: server.url,
 138         path,
 139         token: 'super token',
 140         fields: baseCorrectParams,
 141         statusCodeExpected: 401
 142       })
 143     })
 144
 145     it('Should fail if we add a user with the same username', async function () {
 146       const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
 147
 148       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
 149     })
 150
 151     it('Should fail if we add a user with the same email', async function () {
 152       const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
 153
 154       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
 155     })
 156
 157     it('Should fail without a videoQuota', async function () {
 158       const fields = omit(baseCorrectParams, 'videoQuota')
 159
 160       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 161     })
 162
 163     it('Should fail with an invalid videoQuota', async function () {
 164       const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
 165
 166       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 167     })
 168
 169     it('Should fail without a user role', async function () {
 170       const fields = omit(baseCorrectParams, 'role')
 171
 172       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 173     })
 174
 175     it('Should fail with an invalid user role', async function () {
 176       const fields = immutableAssign(baseCorrectParams, { role: 88989 })
 177
 178       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 179     })
 180
 181     it('Should succeed with the correct params', async function () {
 182       await makePostBodyRequest({
 183         url: server.url,
 184         path,
 185         token: server.accessToken,
 186         fields: baseCorrectParams,
 187         statusCodeExpected: 204
 188       })
 189     })
 190
 191     it('Should fail with a non admin user', async function () {
 192       const user = {
 193         username: 'user1',
 194         password: 'my super password'
 195       }
 196       userAccessToken = await userLogin(server, user)
 197
 198       const fields = {
 199         username: 'user3',
 200         email: 'test@example.com',
 201         password: 'my super password',
 202         videoQuota: 42000000
 203       }
 204       await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
 205     })
 206   })
 207
 208   describe('When updating my account', function () {
 209     it('Should fail with an invalid email attribute', async function () {
 210       const fields = {
 211         email: 'blabla'
 212       }
 213
 214       await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
 215     })
 216
 217     it('Should fail with a too small password', async function () {
 218       const fields = {
 219         password: 'bla'
 220       }
 221
 222       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
 223     })
 224
 225     it('Should fail with a too long password', async function () {
 226       const fields = {
 227         password: 'super'.repeat(61)
 228       }
 229
 230       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
 231     })
 232
 233     it('Should fail with an invalid display NSFW attribute', async function () {
 234       const fields = {
 235         displayNSFW: -1
 236       }
 237
 238       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
 239     })
 240
 241     it('Should fail with an invalid autoPlayVideo attribute', async function () {
 242       const fields = {
 243         autoPlayVideo: -1
 244       }
 245
 246       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
 247     })
 248
 249     it('Should fail with an non authenticated user', async function () {
 250       const fields = {
 251         password: 'my super password'
 252       }
 253
 254       await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
 255     })
 256
 257     it('Should succeed with the correct params', async function () {
 258       const fields = {
 259         password: 'my super password',
 260         displayNSFW: true,
 261         autoPlayVideo: false,
 262         email: 'super_email@example.com'
 263       }
 264
 265       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
 266     })
 267   })
 268
 269   describe('When updating a user', function () {
 270
 271     before(async function () {
 272       const res = await getUsersList(server.url, server.accessToken)
 273
 274       userId = res.body.data[1].id
 275       rootId = res.body.data[2].id
 276     })
 277
 278     it('Should fail with an invalid email attribute', async function () {
 279       const fields = {
 280         email: 'blabla'
 281       }
 282
 283       await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
 284     })
 285
 286     it('Should fail with an invalid videoQuota attribute', async function () {
 287       const fields = {
 288         videoQuota: -90
 289       }
 290
 291       await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
 292     })
 293
 294     it('Should fail with an invalid user role attribute', async function () {
 295       const fields = {
 296         role: 54878
 297       }
 298
 299       await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
 300     })
 301
 302     it('Should fail with an non authenticated user', async function () {
 303       const fields = {
 304         videoQuota: 42
 305       }
 306
 307       await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
 308     })
 309
 310     it('Should succeed with the correct params', async function () {
 311       const fields = {
 312         email: 'email@example.com',
 313         videoQuota: 42,
 314         role: UserRole.MODERATOR
 315       }
 316
 317       await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
 318     })
 319   })
 320
 321   describe('When getting my information', function () {
 322     it('Should fail with a non authenticated user', async function () {
 323       await getMyUserInformation(server.url, 'fake_token', 401)
 324     })
 325
 326     it('Should success with the correct parameters', async function () {
 327       await getMyUserInformation(server.url, userAccessToken)
 328     })
 329   })
 330
 331   describe('When getting my video rating', function () {
 332     it('Should fail with a non authenticated user', async function () {
 333       await getMyUserVideoRating(server.url, 'fake_token', videoId, 401)
 334     })
 335
 336     it('Should fail with an incorrect video uuid', async function () {
 337       await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400)
 338     })
 339
 340     it('Should fail with an unknown video', async function () {
 341       await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404)
 342     })
 343
 344     it('Should succeed with the correct parameters', async function () {
 345       await getMyUserVideoRating(server.url, server.accessToken, videoId)
 346     })
 347   })
 348
 349   describe('When removing an user', function () {
 350     it('Should fail with an incorrect id', async function () {
 351       await removeUser(server.url, 'blabla', server.accessToken, 400)
 352     })
 353
 354     it('Should fail with the root user', async function () {
 355       await removeUser(server.url, rootId, server.accessToken, 400)
 356     })
 357
 358     it('Should return 404 with a non existing id', async function () {
 359       await removeUser(server.url, 4545454, server.accessToken, 404)
 360     })
 361   })
 362
 363   describe('When register a new user', function () {
 364     const registrationPath = path + '/register'
 365     const baseCorrectParams = {
 366       username: 'user3',
 367       email: 'test3@example.com',
 368       password: 'my super password'
 369     }
 370
 371     it('Should fail with a too small username', async function () {
 372       const fields = immutableAssign(baseCorrectParams, { username: 'ji' })
 373
 374       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 375     })
 376
 377     it('Should fail with a too long username', async function () {
 378       const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
 379
 380       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 381     })
 382
 383     it('Should fail with an incorrect username', async function () {
 384       const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
 385
 386       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 387     })
 388
 389     it('Should fail with a missing email', async function () {
 390       const fields = omit(baseCorrectParams, 'email')
 391
 392       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 393     })
 394
 395     it('Should fail with an invalid email', async function () {
 396       const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
 397
 398       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 399     })
 400
 401     it('Should fail with a too small password', async function () {
 402       const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
 403
 404       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 405     })
 406
 407     it('Should fail with a too long password', async function () {
 408       const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
 409
 410       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 411     })
 412
 413     it('Should fail if we register a user with the same username', async function () {
 414       const fields = immutableAssign(baseCorrectParams, { username: 'root' })
 415
 416       await makePostBodyRequest({
 417         url: server.url,
 418         path: registrationPath,
 419         token: server.accessToken,
 420         fields,
 421         statusCodeExpected: 409
 422       })
 423     })
 424
 425     it('Should fail if we register a user with the same email', async function () {
 426       const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })
 427
 428       await makePostBodyRequest({
 429         url: server.url,
 430         path: registrationPath,
 431         token: server.accessToken,
 432         fields,
 433         statusCodeExpected: 409
 434       })
 435     })
 436
 437     it('Should succeed with the correct params', async function () {
 438       await makePostBodyRequest({
 439         url: server.url,
 440         path: registrationPath,
 441         token: server.accessToken,
 442         fields: baseCorrectParams,
 443         statusCodeExpected: 204
 444       })
 445     })
 446
 447     it('Should fail on a server with registration disabled', async function () {
 448       const fields = {
 449         username: 'user4',
 450         email: 'test4@example.com',
 451         password: 'my super password 4'
 452       }
 453
 454       await makePostBodyRequest({
 455         url: serverWithRegistrationDisabled.url,
 456         path: registrationPath,
 457         token: serverWithRegistrationDisabled.accessToken,
 458         fields,
 459         statusCodeExpected: 403
 460       })
 461     })
 462   })
 463
 464   describe('When registering multiple users on a server with users limit', function () {
 465     it('Should fail when after 3 registrations', async function () {
 466       await registerUser(server.url, 'user42', 'super password', 403)
 467     })
 468   })
 469
 470   describe('When having a video quota', function () {
 471     it('Should fail with a user having too many video', async function () {
 472       await updateUser({
 473         url: server.url,
 474         userId: rootId,
 475         accessToken: server.accessToken,
 476         videoQuota: 42
 477       })
 478
 479       await uploadVideo(server.url, server.accessToken, {}, 403)
 480     })
 481
 482     it('Should fail with a registered user having too many video', async function () {
 483       this.timeout(10000)
 484
 485       const user = {
 486         username: 'user3',
 487         password: 'my super password'
 488       }
 489       userAccessToken = await userLogin(server, user)
 490
 491       const videoAttributes = { fixture: 'video_short2.webm' }
 492       await uploadVideo(server.url, userAccessToken, videoAttributes)
 493       await uploadVideo(server.url, userAccessToken, videoAttributes)
 494       await uploadVideo(server.url, userAccessToken, videoAttributes)
 495       await uploadVideo(server.url, userAccessToken, videoAttributes)
 496       await uploadVideo(server.url, userAccessToken, videoAttributes)
 497       await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
 498     })
 499   })
 500
 501   after(async function () {
 502     killallServers([ server, serverWithRegistrationDisabled ])
 503
 504     // Keep the logs if the test failed
 505     if (this['ok']) {
 506       await flushTests()
 507     }
 508   })
 509 })