Server: forbid to remove the root user
1 'use strict'
2
3 const chai = require('chai')
4 const expect = chai.expect
5 const pathUtils = require('path')
6 const request = require('supertest')
7 const series = require('async/series')
8
9 const loginUtils = require('../utils/login')
10 const requestsUtils = require('../utils/requests')
11 const serversUtils = require('../utils/servers')
12 const usersUtils = require('../utils/users')
13
14 describe('Test parameters validator', function () {
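// Shared by every nested suite. `server` is filled in by the before() hook below;
// `userAccessToken` holds a non-admin token and is only assigned later, by the users API tests.
let server = null
let userAccessToken = null

// ---------------------------------------------------------------

// Flush previous test data, start server 1 and fetch the access token that the suites
// below use for administrator-only calls.
before(function (done) {
  this.timeout(20000)

  series([
    function (next) {
      serversUtils.flushTests(next)
    },
    function (next) {
      serversUtils.runServer(1, function (server1) {
        server = server1

        next()
      })
    },
    function (next) {
      loginUtils.loginAndGetAccessToken(server, function (err, token) {
        // Hand the failure to series() so mocha reports a failed hook
        // instead of an uncaught exception thrown from a callback.
        if (err) return next(err)

        server.accessToken = token

        next()
      })
    }
  ], done)
})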
44
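// Parameter, authentication (401) and authorization (403) checks for the pods endpoints.
describe('Of the pods API', function () {
  const path = '/api/v1/pods/'

  // NOTE(review): this suite and its first child carry the same title; the outer one
  // also groups the "quitting friends" checks.
  describe('When making friends', function () {
    // Token of the non-admin account created below, used for the 403 checks.
    // It shadows the file-level variable of the same name.
    let userAccessToken = null

    before(function (done) {
      usersUtils.createUser(server.url, server.accessToken, 'user1', 'password', function (err) {
        // Assumes the helper is err-first like the other utils called in this file;
        // a failed user creation now fails the hook instead of being ignored.
        if (err) return done(err)

        // Presumably loginAndGetAccessToken() reads the credentials from server.user
        server.user = {
          username: 'user1',
          password: 'password'
        }

        loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
          if (err) return done(err)

          userAccessToken = accessToken

          done()
        })
      })
    })

    describe('When making friends', function () {
      // `path` already ends with '/', so these requests go to '/api/v1/pods//makefriends'
      const makeFriendsPath = path + '/makefriends'
      const body = {
        urls: [ 'http://localhost:9002' ]
      }

      // Body validation: sent with the administrator token so that only the payload is at fault
      it('Should fail without urls', function (done) {
        request(server.url)
          .post(makeFriendsPath)
          .set('Authorization', `Bearer ${server.accessToken}`)
          .set('Accept', 'application/json')
          .expect(400, done)
      })

      it('Should fail with urls is not an array', function (done) {
        request(server.url)
          .post(makeFriendsPath)
          .send({ urls: 'http://localhost:9002' })
          .set('Authorization', `Bearer ${server.accessToken}`)
          .set('Accept', 'application/json')
          .expect(400, done)
      })

      it('Should fail if the array is not composed by urls', function (done) {
        request(server.url)
          .post(makeFriendsPath)
          .send({ urls: [ 'http://localhost:9002', 'localhost:coucou' ] })
          .set('Authorization', `Bearer ${server.accessToken}`)
          .set('Accept', 'application/json')
          .expect(400, done)
      })

      it('Should fail if urls are not unique', function (done) {
        request(server.url)
          .post(makeFriendsPath)
          .send({ urls: [ 'http://localhost:9002', 'http://localhost:9002' ] })
          .set('Authorization', `Bearer ${server.accessToken}`)
          .set('Accept', 'application/json')
          .expect(400, done)
      })

      // Authentication: a valid body with an unknown bearer token must be refused with 401
      it('Should fail with a invalid token', function (done) {
        request(server.url)
          .post(makeFriendsPath)
          .send(body)
          .set('Authorization', 'Bearer faketoken')
          .set('Accept', 'application/json')
          .expect(401, done)
      })

      // Authorization: a valid body with a valid but non-admin token must be refused with 403
      it('Should fail if the user is not an administrator', function (done) {
        request(server.url)
          .post(makeFriendsPath)
          .send(body)
          .set('Authorization', `Bearer ${userAccessToken}`)
          .set('Accept', 'application/json')
          .expect(403, done)
      })
    })

    describe('When quitting friends', function () {
      // `path` already ends with '/', so these requests go to '/api/v1/pods//quitfriends'
      const quitFriendsPath = path + '/quitfriends'

      // NOTE(review): the `start` query parameter looks copied from the pagination tests;
      // both checks here are about the token, not about the query string.
      it('Should fail with a invalid token', function (done) {
        request(server.url)
          .get(quitFriendsPath)
          .query({ start: 'hello' })
          .set('Authorization', 'Bearer faketoken')
          .set('Accept', 'application/json')
          .expect(401, done)
      })

      it('Should fail if the user is not an administrator', function (done) {
        request(server.url)
          .get(quitFriendsPath)
          .query({ start: 'hello' })
          .set('Authorization', `Bearer ${userAccessToken}`)
          .set('Accept', 'application/json')
          .expect(403, done)
      })
    })
  })

  // These calls pass null as the token argument. When no status is given the helper applies
  // its own default expectation (presumably an error status; confirm in ../utils/requests).
  describe('When adding a pod', function () {
    it('Should fail with nothing', function (done) {
      requestsUtils.makePostBodyRequest(server.url, path, null, {}, done)
    })

    it('Should fail without public key', function (done) {
      const data = {
        url: 'http://coucou.com'
      }
      requestsUtils.makePostBodyRequest(server.url, path, null, data, done)
    })

    it('Should fail without an url', function (done) {
      const data = {
        publicKey: 'mysuperpublickey'
      }
      requestsUtils.makePostBodyRequest(server.url, path, null, data, done)
    })

    it('Should fail with an incorrect url', function (done) {
      const badUrls = [ 'coucou.com', 'http://coucou', 'coucou' ]

      // One request per malformed url, in order. Each outcome goes through series(), so a url
      // the server wrongly accepts fails the test. The previous nested callbacks ignored their
      // arguments and only the last request could fail it.
      const checks = badUrls.map(function (url) {
        return function (next) {
          const data = {
            url: url,
            publicKey: 'mysuperpublickey'
          }
          requestsUtils.makePostBodyRequest(server.url, path, null, data, next)
        }
      })

      series(checks, function (err) {
        done(err)
      })
    })

    it('Should succeed with the correct parameters', function (done) {
      const data = {
        url: 'http://coucou.com',
        publicKey: 'mysuperpublickey'
      }
      requestsUtils.makePostBodyRequest(server.url, path, null, data, done, 200)
    })
  })
})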
191
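// Parameter checks for listing, searching, uploading, fetching and deleting videos.
describe('Of the videos API', function () {
  const path = '/api/v1/videos/'

  // Pagination and sort values are rejected with 400; no Authorization header is sent here
  describe('When listing a video', function () {
    it('Should fail with a bad start pagination', function (done) {
      request(server.url)
        .get(path)
        .query({ start: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with a bad count pagination', function (done) {
      request(server.url)
        .get(path)
        .query({ count: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with an incorrect sort', function (done) {
      request(server.url)
        .get(path)
        .query({ sort: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })
  })

  describe('When searching a video', function () {
    it('Should fail with nothing', function (done) {
      request(server.url)
        .get(pathUtils.join(path, 'search'))
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with a bad start pagination', function (done) {
      request(server.url)
        .get(pathUtils.join(path, 'search', 'test'))
        .query({ start: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with a bad count pagination', function (done) {
      request(server.url)
        .get(pathUtils.join(path, 'search', 'test'))
        .query({ count: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with an incorrect sort', function (done) {
      request(server.url)
        .get(pathUtils.join(path, 'search', 'test'))
        .query({ sort: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })
  })

  describe('When adding a video', function () {
    // Absolute path of a file in the fixtures directory next to this test file
    function fixture (name) {
      return pathUtils.join(__dirname, 'fixtures', name)
    }

    // Upload with the administrator token and no explicit status, so the helper applies its
    // default expectation (presumably an error status; confirm in ../utils/requests).
    function expectRejected (data, attach, done) {
      requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
    }

    it('Should fail with nothing', function (done) {
      expectRejected({}, {}, done)
    })

    it('Should fail without name', function (done) {
      const data = {
        description: 'my super description',
        tags: [ 'tag1', 'tag2' ]
      }
      expectRejected(data, { videofile: fixture('video_short.webm') }, done)
    })

    it('Should fail with a long name', function (done) {
      const data = {
        name: 'My very very very very very very very very very very very very very very very very long name',
        description: 'my super description',
        tags: [ 'tag1', 'tag2' ]
      }
      expectRejected(data, { videofile: fixture('video_short.webm') }, done)
    })

    it('Should fail without description', function (done) {
      const data = {
        name: 'my super name',
        tags: [ 'tag1', 'tag2' ]
      }
      expectRejected(data, { videofile: fixture('video_short.webm') }, done)
    })

    it('Should fail with a long description', function (done) {
      const data = {
        name: 'my super name',
        description: 'my super description which is very very very very very very very very very very very very very very' +
                     'very very very very very very very very very very very very very very very very very very very very very' +
                     'very very very very very very very very very very very very very very very long',
        tags: [ 'tag1', 'tag2' ]
      }
      expectRejected(data, { videofile: fixture('video_short.webm') }, done)
    })

    it('Should fail without tags', function (done) {
      const data = {
        name: 'my super name',
        description: 'my super description'
      }
      expectRejected(data, { videofile: fixture('video_short.webm') }, done)
    })

    it('Should fail with too many tags', function (done) {
      const data = {
        name: 'my super name',
        description: 'my super description',
        tags: [ 'tag1', 'tag2', 'tag3', 'tag4' ]
      }
      expectRejected(data, { videofile: fixture('video_short.webm') }, done)
    })

    it('Should fail with not enough tags', function (done) {
      const data = {
        name: 'my super name',
        description: 'my super description',
        tags: [ ]
      }
      expectRejected(data, { videofile: fixture('video_short.webm') }, done)
    })

    it('Should fail with a tag length too low', function (done) {
      const data = {
        name: 'my super name',
        description: 'my super description',
        tags: [ 'tag1', 't' ]
      }
      expectRejected(data, { videofile: fixture('video_short.webm') }, done)
    })

    it('Should fail with a tag length too big', function (done) {
      const data = {
        name: 'my super name',
        description: 'my super description',
        tags: [ 'mysupertagtoolong', 'tag1' ]
      }
      expectRejected(data, { videofile: fixture('video_short.webm') }, done)
    })

    it('Should fail with malformed tags', function (done) {
      const data = {
        name: 'my super name',
        description: 'my super description',
        tags: [ 'my tag' ]
      }
      expectRejected(data, { videofile: fixture('video_short.webm') }, done)
    })

    it('Should fail without an input file', function (done) {
      const data = {
        name: 'my super name',
        description: 'my super description',
        tags: [ 'tag1', 'tag2' ]
      }
      expectRejected(data, {}, done)
    })

    // NOTE(review): the title reads "without an incorrect input file" but the fixture name
    // (video_short_fake.webm) suggests it means "with an incorrect input file".
    it('Should fail without an incorrect input file', function (done) {
      const data = {
        name: 'my super name',
        description: 'my super description',
        tags: [ 'tag1', 'tag2' ]
      }
      expectRejected(data, { videofile: fixture('video_short_fake.webm') }, done)
    })

    it('Should fail with a too big duration', function (done) {
      const data = {
        name: 'my super name',
        description: 'my super description',
        tags: [ 'tag1', 'tag2' ]
      }
      expectRejected(data, { videofile: fixture('video_too_long.webm') }, done)
    })

    it('Should succeed with the correct parameters', function (done) {
      const data = {
        name: 'my super name',
        description: 'my super description',
        tags: [ 'tag1', 'tag2' ]
      }
      const attach = {
        videofile: fixture('video_short.webm')
      }

      // NOTE(review): the two intermediate callbacks ignore their arguments, so the outcome of
      // the webm and mp4 uploads is never asserted here; only the final ogv upload is checked
      // against 204. `false` is passed where the last call passes the expected status, and how
      // the helper interprets it is not visible in this file. Confirm that before forwarding
      // the callback error to done().
      requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, function () {
        attach.videofile = fixture('video_short.mp4')
        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, function () {
          attach.videofile = fixture('video_short.ogv')
          requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done, 204)
        }, false)
      }, false)
    })
  })

  describe('When getting a video', function () {
    it('Should return the list of the videos with nothing', function (done) {
      request(server.url)
        .get(path)
        .set('Accept', 'application/json')
        .expect(200)
        .expect('Content-Type', /json/)
        .end(function (err, res) {
          // Report through done() so mocha attributes the failure to this test
          if (err) return done(err)

          // Presumably the three uploads (webm, mp4, ogv) of the previous suite
          expect(res.body.data).to.be.an('array')
          expect(res.body.data.length).to.equal(3)

          done()
        })
    })

    it('Should fail without a mongodb id', function (done) {
      request(server.url)
        .get(path + 'coucou')
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    // Well-formed id that matches no video: 404 rather than 400
    it('Should return 404 with an incorrect video', function (done) {
      request(server.url)
        .get(path + '123456789012345678901234')
        .set('Accept', 'application/json')
        .expect(404, done)
    })

    it('Should succeed with the correct parameters')
  })

  describe('When removing a video', function () {
    // NOTE(review): the title announces 404 while the assertion expects 400
    it('Should have 404 with nothing', function (done) {
      request(server.url)
        .delete(path)
        .set('Authorization', `Bearer ${server.accessToken}`)
        .expect(400, done)
    })

    it('Should fail without a mongodb id', function (done) {
      request(server.url)
        .delete(path + 'hello')
        .set('Authorization', `Bearer ${server.accessToken}`)
        .expect(400, done)
    })

    it('Should fail with a video which does not exist', function (done) {
      request(server.url)
        .delete(path + '123456789012345678901234')
        .set('Authorization', `Bearer ${server.accessToken}`)
        .expect(404, done)
    })

    // The ownership checks below are pending placeholders: deleting someone else's video
    // is not exercised by this file yet.
    it('Should fail with a video of another user')

    it('Should fail with a video of another pod')

    it('Should succeed with the correct parameters')
  })
})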
496
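// Parameter, authentication (401) and authorization (403) checks for the users endpoints.
describe('Of the users API', function () {
  const path = '/api/v1/users/'

  // Both ids are resolved by the before() hook of 'When updating a user'
  let userId = null
  let rootId = null

  // Shared by the "too long password" checks on creation and on update
  const tooLongPassword =
    'my super long password which is very very very very very very very very very very very very very very' +
    'very very very very very very very very very very very very very very very veryv very very very very' +
    'very very very very very very very very very very very very very very very very very very very very long'

  describe('When listing users', function () {
    it('Should fail with a bad start pagination', function (done) {
      request(server.url)
        .get(path)
        .query({ start: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with a bad count pagination', function (done) {
      request(server.url)
        .get(path)
        .query({ count: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with an incorrect sort', function (done) {
      request(server.url)
        .get(path)
        .query({ sort: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })
  })

  describe('When adding a new user', function () {
    // Creation attempt with the administrator token and no explicit status, so the helper
    // applies its default expectation (presumably an error status; confirm in ../utils/requests).
    function expectRejected (data, done) {
      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    }

    it('Should fail with a too small username', function (done) {
      expectRejected({ username: 'ji', password: 'mysuperpassword' }, done)
    })

    it('Should fail with a too long username', function (done) {
      expectRejected({ username: 'mysuperusernamewhichisverylong', password: 'mysuperpassword' }, done)
    })

    it('Should fail with an incorrect username', function (done) {
      expectRejected({ username: 'my username', password: 'mysuperpassword' }, done)
    })

    it('Should fail with a too small password', function (done) {
      expectRejected({ username: 'myusername', password: 'bla' }, done)
    })

    it('Should fail with a too long password', function (done) {
      expectRejected({ username: 'myusername', password: tooLongPassword }, done)
    })

    // Unknown bearer token: 401
    it('Should fail with an non authenticated user', function (done) {
      const data = {
        username: 'myusername',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, path, 'super token', data, done, 401)
    })

    // 'user1' is created by the pods API suite earlier in this file, hence the conflict
    it('Should fail if we add a user with the same username', function (done) {
      const data = {
        username: 'user1',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
    })

    it('Should succeed with the correct params', function (done) {
      const data = {
        username: 'user2',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
    })

    // Valid but non-admin token: 403. This test also assigns the file-level userAccessToken
    // that later suites rely on.
    it('Should fail with a non admin user', function (done) {
      server.user = {
        username: 'user1',
        password: 'password'
      }

      loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
        if (err) return done(err)

        userAccessToken = accessToken

        const data = {
          username: 'user3',
          password: 'my super password'
        }

        requestsUtils.makePostBodyRequest(server.url, path, userAccessToken, data, done, 403)
      })
    })
  })

  describe('When updating a user', function () {
    before(function (done) {
      usersUtils.getUsersList(server.url, function (err, res) {
        if (err) return done(err)

        const users = res.body.data
        if (!Array.isArray(users) || users.length < 3) {
          return done(new Error('Expected at least 3 users in the list to pick the user and root ids'))
        }

        // NOTE(review): the ids are picked by position, so this depends on the default order
        // of the list. The root removal test below is only meaningful if index 2 really is
        // the root account; consider selecting the entries by a stable field instead.
        userId = users[1].id
        rootId = users[2].id
        done()
      })
    })

    it('Should fail with a too small password', function (done) {
      const data = {
        password: 'bla'
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
    })

    it('Should fail with a too long password', function (done) {
      const data = {
        password: tooLongPassword
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
    })

    it('Should fail with an non authenticated user', function (done) {
      const data = {
        password: 'my super password'
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, 'super token', data, done, 401)
    })

    // NOTE(review): no test here sends one user's token against another user's id;
    // confirm the intended policy and cover it.
    it('Should succeed with the correct params', function (done) {
      const data = {
        password: 'my super password'
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done, 204)
    })
  })

  describe('When getting my information', function () {
    it('Should fail with a non authenticated user', function (done) {
      request(server.url)
        .get(path + 'me')
        .set('Authorization', 'Bearer faketoken')
        .set('Accept', 'application/json')
        .expect(401, done)
    })

    it('Should success with the correct parameters', function (done) {
      request(server.url)
        .get(path + 'me')
        .set('Authorization', `Bearer ${userAccessToken}`)
        .set('Accept', 'application/json')
        .expect(200, done)
    })
  })

  // NOTE(review): every request in this suite uses the administrator token; removal with a
  // non-admin token is not exercised here.
  describe('When removing an user', function () {
    it('Should fail with an incorrect id', function (done) {
      request(server.url)
        .delete(path + 'bla-bla')
        .set('Authorization', `Bearer ${server.accessToken}`)
        .expect(400, done)
    })

    it('Should fail with the root user', function (done) {
      // A malformed id is answered with 400 too (see the test above), so an unresolved rootId
      // would let this test pass without ever reaching the root user protection.
      if (!rootId) return done(new Error('rootId was not resolved by the users list lookup'))

      request(server.url)
        .delete(path + rootId)
        .set('Authorization', `Bearer ${server.accessToken}`)
        .expect(400, done)
    })

    it('Should return 404 with a non existing id', function (done) {
      request(server.url)
        .delete(path + '579f982228c99c221d8092b8')
        .set('Authorization', `Bearer ${server.accessToken}`)
        .expect(404, done)
    })
  })
})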
711
// All three entries are pending placeholders (mocha reports an `it` without a callback as
// pending), so nothing about the remote videos API is verified by this file yet.
describe('Of the remote videos API', function () {
  const pendingChecks = [
    [ 'When making a secure request', 'Should check a secure request' ],
    [ 'When adding a video', 'Should check when adding a video' ],
    [ 'When removing a video', 'Should check when removing a video' ]
  ]

  // Register one suite per entry, each holding a single pending test
  pendingChecks.forEach(function (entry) {
    const suiteTitle = entry[0]
    const testTitle = entry[1]

    describe(suiteTitle, function () {
      it(testTitle)
    })
  })
})
725
// Access control on the requests statistics endpoint: it answers 401 without credentials
// and 403 with a valid non-admin token.
describe('Of the requests API', function () {
  const path = '/api/v1/requests/stats'

  // No Authorization header is sent at all
  it('Should fail with an non authenticated user', function (done) {
    const req = request(server.url).get(path)

    req.set('Accept', 'application/json')
    req.expect(401, done)
  })

  // Uses the file-level userAccessToken, which is assigned by the users API tests above,
  // so this check depends on that suite having run first.
  it('Should fail with a non admin user', function (done) {
    const req = request(server.url).get(path)

    req.set('Authorization', `Bearer ${userAccessToken}`)
    req.set('Accept', 'application/json')
    req.expect(403, done)
  })
})
744
// Stop the test server, then clean up its data unless a test failed.
after(function (done) {
  // Negative pid: on POSIX this signals the whole process group of the spawned server
  process.kill(-server.app.pid)

  // Keep the logs if the test failed
  if (!this.ok) {
    done()
    return
  }

  serversUtils.flushTests(done)
})
755 })