git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/tests/api/checkParams.js
Server: do not allow a user to remove a video of another user
1 'use strict'
2
3 const chai = require('chai')
4 const expect = chai.expect
5 const pathUtils = require('path')
6 const request = require('supertest')
7 const series = require('async/series')
8
9 const utils = require('./utils')
10
11 describe('Test parameters validator', function () {
12 let server = null
13
/**
 * Send a multipart POST to the test server and assert the response status.
 *
 * @param {string} path - route to post to, relative to server.url
 * @param {?string} token - bearer token; when falsy no Authorization header is sent
 * @param {Object} fields - form fields; an array value is sent as indexed fields (name[0], name[1], ...)
 * @param {Object} attaches - field name -> file path pairs handed to attach()
 * @param {Function} done - callback handed to expect(); it receives the assertion error, if any
 * @param {number} [statusCodeExpected] - expected HTTP status; ANY falsy value (undefined, 0, false) means 400
 */
function makePostRequest (path, token, fields, attaches, done, statusCodeExpected) {
  // Rejection is the common case in this file, hence 400 as the fallback.
  const expectedStatus = statusCodeExpected || 400

  const pending = request(server.url)
    .post(path)
    .set('Accept', 'application/json')

  if (token) pending.set('Authorization', 'Bearer ' + token)

  for (const name of Object.keys(fields)) {
    const content = fields[name]

    if (!Array.isArray(content)) {
      pending.field(name, content)
      continue
    }

    // Arrays are flattened into one form field per element.
    for (const [ index, item ] of content.entries()) {
      pending.field(name + '[' + index + ']', item)
    }
  }

  for (const name of Object.keys(attaches)) {
    pending.attach(name, attaches[name])
  }

  pending.expect(expectedStatus, done)
}
42
/**
 * POST `fields` as the request body and assert the response status.
 *
 * @param {string} path - route to post to, relative to server.url
 * @param {?string} token - bearer token; when falsy the request carries no Authorization header
 * @param {Object} fields - request body
 * @param {Function} done - callback handed to expect(); it receives the assertion error, if any
 * @param {number} [statusCodeExpected] - expected HTTP status; any falsy value means 400
 */
function makePostBodyRequest (path, token, fields, done, statusCodeExpected) {
  const expectedStatus = statusCodeExpected || 400

  let pending = request(server.url)
    .post(path)
    .set('Accept', 'application/json')

  if (token) pending = pending.set('Authorization', 'Bearer ' + token)

  pending
    .send(fields)
    .expect(expectedStatus, done)
}
54
/**
 * PUT `fields` as the request body and assert the response status.
 *
 * @param {string} path - route to update, relative to server.url
 * @param {?string} token - bearer token; when falsy the request carries no Authorization header
 * @param {Object} fields - request body
 * @param {Function} done - callback handed to expect(); it receives the assertion error, if any
 * @param {number} [statusCodeExpected] - expected HTTP status; any falsy value means 400
 */
function makePutBodyRequest (path, token, fields, done, statusCodeExpected) {
  const expectedStatus = statusCodeExpected || 400

  let pending = request(server.url)
    .put(path)
    .set('Accept', 'application/json')

  if (token) pending = pending.set('Authorization', 'Bearer ' + token)

  pending
    .send(fields)
    .expect(expectedStatus, done)
}
66
67 // ---------------------------------------------------------------
68
// Suite setup: wipe previous test state, start server 1, then log in and
// keep the token on server.accessToken for the tests that need an authenticated caller.
before(function (done) {
  this.timeout(20000)

  const resetState = function (next) {
    utils.flushTests(next)
  }

  const startServer = function (next) {
    utils.runServer(1, function (server1) {
      server = server1

      next()
    })
  }

  const authenticate = function (next) {
    utils.loginAndGetAccessToken(server, function (err, token) {
      if (err) throw err
      server.accessToken = token

      next()
    })
  }

  // Order matters: the login needs the running server.
  series([ resetState, startServer, authenticate ], done)
})
93
94 describe('Of the pods API', function () {
95 const path = '/api/v1/pods/'
96
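// Parameter validation of POST /api/v1/pods/. Every request here is sent without a bearer token.
describe('When adding a pod', function () {
  it('Should fail with nothing', function (done) {
    makePostBodyRequest(path, null, {}, done)
  })

  it('Should fail without public key', function (done) {
    const data = {
      url: 'http://coucou.com'
    }
    makePostBodyRequest(path, null, data, done)
  })

  it('Should fail without an url', function (done) {
    const data = {
      publicKey: 'mysuperpublickey'
    }
    makePostBodyRequest(path, null, data, done)
  })

  it('Should fail with an incorrect url', function (done) {
    // Three malformed variants: no scheme, no top-level domain, neither.
    const badUrls = [ 'coucou.com', 'http://coucou', 'coucou' ]

    // Run the requests one after the other and stop at the first failed
    // assertion. Chaining them through callbacks that drop the error would
    // let an accepted malformed url go unnoticed as long as the last one is rejected.
    const attempts = badUrls.map(function (url) {
      return function (next) {
        const data = {
          url: url,
          publicKey: 'mysuperpublickey'
        }
        makePostBodyRequest(path, null, data, next)
      }
    })

    series(attempts, done)
  })

  it('Should succeed with the correct parameters', function (done) {
    const data = {
      url: 'http://coucou.com',
      publicKey: 'mysuperpublickey'
    }
    makePostBodyRequest(path, null, data, done, 200)
  })
})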
139
// Access control of the friends endpoints: an unknown token must get 401,
// a valid token of a non administrator must get 403.
describe('For the friends API', function () {
  let userAccessToken = null

  // GET path + route with the given bearer value and assert the status.
  // NOTE(review): `path` already ends with '/', so the requested url contains '//' — confirm this is intended.
  function expectStatus (route, bearer, status, done) {
    request(server.url)
      .get(path + route)
      .query({ start: 'hello' })
      .set('Authorization', 'Bearer ' + bearer)
      .set('Accept', 'application/json')
      .expect(status, done)
  }

  before(function (done) {
    // NOTE(review): the createUser callback takes no argument, so a failed creation
    // would only show up in the login below — confirm against utils.createUser.
    utils.createUser(server.url, server.accessToken, 'user1', 'password', function () {
      // loginAndGetAccessToken is given `server`, whose user is switched to the new account first.
      server.user = {
        username: 'user1',
        password: 'password'
      }

      utils.loginAndGetAccessToken(server, function (err, accessToken) {
        if (err) throw err

        userAccessToken = accessToken

        done()
      })
    })
  })

  const endpoints = [
    { title: 'When making friends', route: '/makefriends' },
    { title: 'When quitting friends', route: '/quitfriends' }
  ]

  endpoints.forEach(function (endpoint) {
    describe(endpoint.title, function () {
      it('Should fail with a invalid token', function (done) {
        expectStatus(endpoint.route, 'faketoken', 401, done)
      })

      it('Should fail if the user is not an administrator', function (done) {
        // userAccessToken is read here, at run time, after the before() hook has set it.
        expectStatus(endpoint.route, userAccessToken, 403, done)
      })
    })
  })
})
200 })
201
202 describe('Of the videos API', function () {
203 const path = '/api/v1/videos/'
204
// Query-string validation of the video listing: each case sends a single
// invalid value ('hello') and expects a 400.
describe('When listing a video', function () {
  const rejectedQueries = [
    { title: 'Should fail with a bad start pagination', query: { start: 'hello' } },
    { title: 'Should fail with a bad count pagination', query: { count: 'hello' } },
    { title: 'Should fail with an incorrect sort', query: { sort: 'hello' } }
  ]

  rejectedQueries.forEach(function (testCase) {
    it(testCase.title, function (done) {
      request(server.url)
        .get(path)
        .query(testCase.query)
        .set('Accept', 'application/json')
        .expect(400, done)
    })
  })
})
230
// Validation of the search route: a missing search term and invalid
// pagination / sort values must all be answered with 400.
describe('When searching a video', function () {
  it('Should fail with nothing', function (done) {
    // No search term after 'search'.
    request(server.url)
      .get(pathUtils.join(path, 'search'))
      .set('Accept', 'application/json')
      .expect(400, done)
  })

  const rejectedQueries = [
    { title: 'Should fail with a bad start pagination', query: { start: 'hello' } },
    { title: 'Should fail with a bad count pagination', query: { count: 'hello' } },
    { title: 'Should fail with an incorrect sort', query: { sort: 'hello' } }
  ]

  rejectedQueries.forEach(function (testCase) {
    it(testCase.title, function (done) {
      request(server.url)
        .get(pathUtils.join(path, 'search', 'test'))
        .query(testCase.query)
        .set('Accept', 'application/json')
        .expect(400, done)
    })
  })
})
263
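// Validation of the video upload (multipart POST on /api/v1/videos/).
// All requests carry server.accessToken; only the fields and the attached file vary.
describe('When adding a video', function () {
  // Absolute path of a file in the fixtures directory next to this test.
  function fixture (name) {
    return pathUtils.join(__dirname, 'fixtures', name)
  }

  // Build a test body asserting that the upload is rejected with the helper's default status (400).
  // server.accessToken is read when the test runs, not when it is declared.
  function rejects (data, attach) {
    return function (done) {
      makePostRequest(path, server.accessToken, data, attach, done)
    }
  }

  it('Should fail with nothing', rejects({}, {}))

  it('Should fail without name', rejects({
    description: 'my super description',
    tags: [ 'tag1', 'tag2' ]
  }, {
    'videofile': fixture('video_short.webm')
  }))

  it('Should fail with a long name', rejects({
    name: 'My very very very very very very very very very very very very very very very very long name',
    description: 'my super description',
    tags: [ 'tag1', 'tag2' ]
  }, {
    'videofile': fixture('video_short.webm')
  }))

  it('Should fail without description', rejects({
    name: 'my super name',
    tags: [ 'tag1', 'tag2' ]
  }, {
    'videofile': fixture('video_short.webm')
  }))

  it('Should fail with a long description', rejects({
    name: 'my super name',
    description: 'my super description which is very very very very very very very very very very very very very very' +
                 'very very very very very very very very very very very very very very very very very very very very very' +
                 'very very very very very very very very very very very very very very very long',
    tags: [ 'tag1', 'tag2' ]
  }, {
    'videofile': fixture('video_short.webm')
  }))

  it('Should fail without tags', rejects({
    name: 'my super name',
    description: 'my super description'
  }, {
    'videofile': fixture('video_short.webm')
  }))

  it('Should fail with too many tags', rejects({
    name: 'my super name',
    description: 'my super description',
    tags: [ 'tag1', 'tag2', 'tag3', 'tag4' ]
  }, {
    'videofile': fixture('video_short.webm')
  }))

  it('Should fail with not enough tags', rejects({
    name: 'my super name',
    description: 'my super description',
    tags: [ ]
  }, {
    'videofile': fixture('video_short.webm')
  }))

  it('Should fail with a tag length too low', rejects({
    name: 'my super name',
    description: 'my super description',
    tags: [ 'tag1', 't' ]
  }, {
    'videofile': fixture('video_short.webm')
  }))

  it('Should fail with a tag length too big', rejects({
    name: 'my super name',
    description: 'my super description',
    tags: [ 'mysupertagtoolong', 'tag1' ]
  }, {
    'videofile': fixture('video_short.webm')
  }))

  it('Should fail with malformed tags', rejects({
    name: 'my super name',
    description: 'my super description',
    tags: [ 'my tag' ]
  }, {
    'videofile': fixture('video_short.webm')
  }))

  it('Should fail without an input file', rejects({
    name: 'my super name',
    description: 'my super description',
    tags: [ 'tag1', 'tag2' ]
  }, {}))

  // Title fixed: the case attaches a file (video_short_fake.webm), it is not "without" one.
  it('Should fail with an incorrect input file', rejects({
    name: 'my super name',
    description: 'my super description',
    tags: [ 'tag1', 'tag2' ]
  }, {
    'videofile': fixture('video_short_fake.webm')
  }))

  it('Should fail with a too big duration', rejects({
    name: 'my super name',
    description: 'my super description',
    tags: [ 'tag1', 'tag2' ]
  }, {
    'videofile': fixture('video_too_long.webm')
  }))

  it('Should succeed with the correct parameters', function (done) {
    const data = {
      name: 'my super name',
      description: 'my super description',
      tags: [ 'tag1', 'tag2' ]
    }

    // One upload per accepted container format. Each one is asserted to return 204:
    // passing `false` as expected status makes the helper fall back to 400, and a
    // callback that ignores its error argument then hides the mismatch, so the webm
    // and mp4 uploads would not be checked at all.
    // The listing test of this file expects three videos, so all three uploads are expected to succeed.
    const uploads = [ 'video_short.webm', 'video_short.mp4', 'video_short.ogv' ].map(function (name) {
      return function (next) {
        makePostRequest(path, server.accessToken, data, { 'videofile': fixture(name) }, next, 204)
      }
    })

    // series() stops at the first failed assertion and hands the error to done.
    series(uploads, done)
  })
})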
442
// Read access to videos: listing, malformed id, unknown id.
describe('When getting a video', function () {
  it('Should return the list of the videos with nothing', function (done) {
    request(server.url)
      .get(path)
      .set('Accept', 'application/json')
      .expect(200)
      .expect('Content-Type', /json/)
      .end(function (err, res) {
        if (err) throw err

        // NOTE(review): the count of 3 presumably comes from the three uploads of the
        // "adding a video" suite, so this test depends on that suite having run first.
        const videos = res.body.data
        expect(videos).to.be.an('array')
        expect(videos.length).to.equal(3)

        done()
      })
  })

  it('Should fail without a mongodb id', function (done) {
    // 'coucou' is not a well-formed id: rejected by validation (400).
    request(server.url)
      .get(path + 'coucou')
      .set('Accept', 'application/json')
      .expect(400, done)
  })

  it('Should return 404 with an incorrect video', function (done) {
    // Well-formed id (24 characters) that matches no video: not found (404).
    request(server.url)
      .get(path + '123456789012345678901234')
      .set('Accept', 'application/json')
      .expect(404, done)
  })

  // Pending: declared without a body.
  it('Should succeed with the correct parameters')
})
476
// Validation of DELETE on the videos route. Every request is sent with server.accessToken.
describe('When removing a video', function () {
  // DELETE path + suffix with the suite token and assert the status.
  function expectDeleteStatus (suffix, status, done) {
    request(server.url)
      .delete(path + suffix)
      .set('Authorization', 'Bearer ' + server.accessToken)
      .expect(status, done)
  }

  // NOTE(review): the title announces 404 while the assertion expects 400 — confirm which one is intended.
  it('Should have 404 with nothing', function (done) {
    expectDeleteStatus('', 400, done)
  })

  it('Should fail without a mongodb id', function (done) {
    expectDeleteStatus('hello', 400, done)
  })

  it('Should fail with a video which does not exist', function (done) {
    expectDeleteStatus('123456789012345678901234', 404, done)
  })

  // Pending (no body). NOTE(review): the two ownership cases below are the authorization
  // checks of this route; until they are written, nothing in this file pins that a user
  // cannot delete a video owned by another user or by another pod.
  it('Should fail with a video of another user')

  it('Should fail with a video of another pod')

  it('Should succeed with the correct parameters')
})
505 })
506
507 describe('Of the users API', function () {
508 const path = '/api/v1/users/'
509 let userId = null
510 let userAccessToken = null
511
// Validation and access control of user creation (POST /api/v1/users/).
describe('When adding a new user', function () {
  const tooLongPassword = 'my super long password which is very very very very very very very very very very very very very very' +
                          'very very very very very very very very very very very very very very very veryv very very very very' +
                          'very very very very very very very very very very very very very very very very very very very very long'

  // Build a test body asserting that creating `data` with the suite token is rejected (400 by default).
  function rejects (data) {
    return function (done) {
      makePostBodyRequest(path, server.accessToken, data, done)
    }
  }

  it('Should fail with a too small username', rejects({
    username: 'ji',
    password: 'mysuperpassword'
  }))

  it('Should fail with a too long username', rejects({
    username: 'mysuperusernamewhichisverylong',
    password: 'mysuperpassword'
  }))

  it('Should fail with an incorrect username', rejects({
    username: 'my username',
    password: 'mysuperpassword'
  }))

  it('Should fail with a too small password', rejects({
    username: 'myusername',
    password: 'bla'
  }))

  it('Should fail with a too long password', rejects({
    username: 'myusername',
    password: tooLongPassword
  }))

  it('Should fail with an non authenticated user', function (done) {
    const data = {
      username: 'myusername',
      password: 'my super password'
    }

    // 'super token' is not a token issued by the server: authentication must fail (401).
    makePostBodyRequest(path, 'super token', data, done, 401)
  })

  it('Should succeed with the correct params', function (done) {
    const data = {
      username: 'user1',
      password: 'my super password'
    }

    makePostBodyRequest(path, server.accessToken, data, done, 204)
  })

  it('Should fail with a non admin user', function (done) {
    // Log in as the account created by the previous test; its token is kept in
    // userAccessToken and reused by the following suites.
    const credentials = {
      username: 'user1',
      password: 'my super password'
    }
    server.user = credentials

    utils.loginAndGetAccessToken(server, function (err, accessToken) {
      if (err) throw err

      userAccessToken = accessToken

      const data = {
        username: 'user2',
        password: 'my super password'
      }

      // Authenticated but not allowed to create users: 403, not 401.
      makePostBodyRequest(path, userAccessToken, data, done, 403)
    })
  })
})
598
// Validation and access control of the password update (PUT /api/v1/users/:id).
describe('When updating a user', function () {
  const tooLongPassword = 'my super long password which is very very very very very very very very very very very very very very' +
                          'very very very very very very very very very very very very very very very veryv very very very very' +
                          'very very very very very very very very very very very very very very very very very very very very long'

  // PUT a new password on path + userId with the given token and assert the status (400 when omitted).
  function putPassword (token, password, done, statusCodeExpected) {
    const data = {
      password: password
    }

    makePutBodyRequest(path + userId, token, data, done, statusCodeExpected)
  }

  before(function (done) {
    utils.getUsersList(server.url, function (err, res) {
      if (err) throw err

      // NOTE(review): takes the second entry of the list — presumably the account behind
      // userAccessToken; this relies on the order of the list, confirm.
      userId = res.body.data[1].id
      done()
    })
  })

  it('Should fail with a too small password', function (done) {
    putPassword(userAccessToken, 'bla', done)
  })

  it('Should fail with a too long password', function (done) {
    putPassword(userAccessToken, tooLongPassword, done)
  })

  it('Should fail with an non authenticated user', function (done) {
    // Token unknown to the server: 401.
    putPassword('super token', 'my super password', done, 401)
  })

  it('Should succeed with the correct params', function (done) {
    putPassword(userAccessToken, 'my super password', done, 204)
  })
})
643
// GET /api/v1/users/me: rejected with an unknown token, answered with a valid one.
describe('When getting my information', function () {
  // GET path + 'me' with the given bearer value and assert the status.
  function expectMeStatus (bearer, status, done) {
    request(server.url)
      .get(path + 'me')
      .set('Authorization', 'Bearer ' + bearer)
      .set('Accept', 'application/json')
      .expect(status, done)
  }

  it('Should fail with a non authenticated user', function (done) {
    expectMeStatus('faketoken', 401, done)
  })

  it('Should success with the correct parameters', function (done) {
    expectMeStatus(userAccessToken, 200, done)
  })
})
661
// DELETE on the users route, always sent with server.accessToken.
describe('When removing an user', function () {
  const cases = [
    // 'bla-bla' is rejected by validation before any lookup.
    { title: 'Should fail with an incorrect username', target: 'bla-bla', status: 400 },
    // Valid format, but no such account.
    { title: 'Should return 404 with a non existing username', target: 'qzzerg', status: 404 },
    { title: 'Should success with the correct parameters', target: 'user1', status: 204 }
  ]

  cases.forEach(function (testCase) {
    it(testCase.title, function (done) {
      request(server.url)
        .delete(path + testCase.target)
        .set('Authorization', 'Bearer ' + server.accessToken)
        .expect(testCase.status, done)
    })
  })
})
684 })
685
// Placeholders only: every case is declared without a body, so nothing is asserted
// for the remote videos API (secure request check, add, remove) in this file.
describe('Of the remote videos API', function () {
  const placeholders = [
    { suite: 'When making a secure request', title: 'Should check a secure request' },
    { suite: 'When adding a video', title: 'Should check when adding a video' },
    { suite: 'When removing a video', title: 'Should check when removing a video' }
  ]

  placeholders.forEach(function (placeholder) {
    describe(placeholder.suite, function () {
      it(placeholder.title)
    })
  })
})
699
// Suite teardown: stop the server, then clean up unless something failed.
after(function (done) {
  // The pid is negated on purpose; on POSIX a negative pid addresses the whole process group.
  process.kill(-server.app.pid)

  // Keep the logs if the test failed
  if (!this.ok) return done()

  utils.flushTests(done)
})
710 })