server/tests/api/users/users.ts

   1 /* tslint:disable:no-unused-expression */
   2
   3 import * as chai from 'chai'
   4 import 'mocha'
   5 import { User, UserRole, Video } from '../../../../shared/index'
   6 import {
   7   blockUser,
   8   cleanupTests,
   9   createUser,
  10   deleteMe,
  11   flushAndRunServer,
  12   getAccountRatings,
  13   getBlacklistedVideosList,
  14   getMyUserInformation,
  15   getMyUserVideoQuotaUsed,
  16   getMyUserVideoRating,
  17   getUserInformation,
  18   getUsersList,
  19   getUsersListPaginationAndSort,
  20   getVideoChannel,
  21   getVideosList,
  22   login,
  23   makePutBodyRequest,
  24   rateVideo,
  25   registerUserWithChannel,
  26   removeUser,
  27   removeVideo,
  28   ServerInfo,
  29   testImage,
  30   unblockUser,
  31   updateMyAvatar,
  32   updateMyUser,
  33   updateUser,
  34   uploadVideo,
  35   userLogin
  36 } from '../../../../shared/extra-utils'
  37 import { follow } from '../../../../shared/extra-utils/server/follows'
  38 import { setAccessTokensToServers } from '../../../../shared/extra-utils/users/login'
  39 import { getMyVideos } from '../../../../shared/extra-utils/videos/videos'
  40 import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
  41
  42 const expect = chai.expect
  43
  44 describe('Test users', function () {
  45   let server: ServerInfo
  46   let accessToken: string
  47   let accessTokenUser: string
  48   let videoId: number
  49   let userId: number
  50   const user = {
  51     username: 'user_1',
  52     password: 'super password'
  53   }
  54
  55   before(async function () {
  56     this.timeout(30000)
  57     server = await flushAndRunServer(1)
  58
  59     await setAccessTokensToServers([ server ])
  60   })
  61
  62   describe('OAuth client', function () {
  63     it('Should create a new client')
  64
  65     it('Should return the first client')
  66
  67     it('Should remove the last client')
  68
  69     it('Should not login with an invalid client id', async function () {
  70       const client = { id: 'client', secret: server.client.secret }
  71       const res = await login(server.url, client, server.user, 400)
  72
  73       expect(res.body.error).to.contain('client is invalid')
  74     })
  75
  76     it('Should not login with an invalid client secret', async function () {
  77       const client = { id: server.client.id, secret: 'coucou' }
  78       const res = await login(server.url, client, server.user, 400)
  79
  80       expect(res.body.error).to.contain('client is invalid')
  81     })
  82   })
  83
  84   describe('Login', function () {
  85
  86     it('Should not login with an invalid username', async function () {
  87       const user = { username: 'captain crochet', password: server.user.password }
  88       const res = await login(server.url, server.client, user, 400)
  89
  90       expect(res.body.error).to.contain('credentials are invalid')
  91     })
  92
  93     it('Should not login with an invalid password', async function () {
  94       const user = { username: server.user.username, password: 'mew_three' }
  95       const res = await login(server.url, server.client, user, 400)
  96
  97       expect(res.body.error).to.contain('credentials are invalid')
  98     })
  99
 100     it('Should not be able to upload a video', async function () {
 101       accessToken = 'my_super_token'
 102
 103       const videoAttributes = {}
 104       await uploadVideo(server.url, accessToken, videoAttributes, 401)
 105     })
 106
 107     it('Should not be able to follow', async function () {
 108       accessToken = 'my_super_token'
 109       await follow(server.url, [ 'http://example.com' ], accessToken, 401)
 110     })
 111
 112     it('Should not be able to unfollow')
 113
 114     it('Should be able to login', async function () {
 115       const res = await login(server.url, server.client, server.user, 200)
 116
 117       accessToken = res.body.access_token
 118     })
 119   })
 120
 121   describe('Upload', function () {
 122
 123     it('Should upload the video with the correct token', async function () {
 124       const videoAttributes = {}
 125       await uploadVideo(server.url, accessToken, videoAttributes)
 126       const res = await getVideosList(server.url)
 127       const video = res.body.data[ 0 ]
 128
 129       expect(video.account.name).to.equal('root')
 130       videoId = video.id
 131     })
 132
 133     it('Should upload the video again with the correct token', async function () {
 134       const videoAttributes = {}
 135       await uploadVideo(server.url, accessToken, videoAttributes)
 136     })
 137   })
 138
 139   describe('Ratings', function () {
 140
 141     it('Should retrieve a video rating', async function () {
 142       await rateVideo(server.url, accessToken, videoId, 'like')
 143       const res = await getMyUserVideoRating(server.url, accessToken, videoId)
 144       const rating = res.body
 145
 146       expect(rating.videoId).to.equal(videoId)
 147       expect(rating.rating).to.equal('like')
 148     })
 149
 150     it('Should retrieve ratings list', async function () {
 151       await rateVideo(server.url, accessToken, videoId, 'like')
 152
 153       const res = await getAccountRatings(server.url, server.user.username, server.accessToken, null, 200)
 154       const ratings = res.body
 155
 156       expect(ratings.total).to.equal(1)
 157       expect(ratings.data[ 0 ].video.id).to.equal(videoId)
 158       expect(ratings.data[ 0 ].rating).to.equal('like')
 159     })
 160
 161     it('Should retrieve ratings list by rating type', async function () {
 162       {
 163         const res = await getAccountRatings(server.url, server.user.username, server.accessToken, 'like')
 164         const ratings = res.body
 165         expect(ratings.data.length).to.equal(1)
 166       }
 167
 168       {
 169         const res = await getAccountRatings(server.url, server.user.username, server.accessToken, 'dislike')
 170         const ratings = res.body
 171         expect(ratings.data.length).to.equal(0)
 172       }
 173     })
 174   })
 175
 176   describe('Remove video', function () {
 177     it('Should not be able to remove the video with an incorrect token', async function () {
 178       await removeVideo(server.url, 'bad_token', videoId, 401)
 179     })
 180
 181     it('Should not be able to remove the video with the token of another account')
 182
 183     it('Should be able to remove the video with the correct token', async function () {
 184       await removeVideo(server.url, accessToken, videoId)
 185     })
 186   })
 187
 188   describe('Logout', function () {
 189     it('Should logout (revoke token)')
 190
 191     it('Should not be able to get the user information')
 192
 193     it('Should not be able to upload a video')
 194
 195     it('Should not be able to remove a video')
 196
 197     it('Should not be able to rate a video', async function () {
 198       const path = '/api/v1/videos/'
 199       const data = {
 200         rating: 'likes'
 201       }
 202
 203       const options = {
 204         url: server.url,
 205         path: path + videoId,
 206         token: 'wrong token',
 207         fields: data,
 208         statusCodeExpected: 401
 209       }
 210       await makePutBodyRequest(options)
 211     })
 212
 213     it('Should be able to login again')
 214
 215     it('Should have an expired access token')
 216
 217     it('Should refresh the token')
 218
 219     it('Should be able to upload a video again')
 220   })
 221
 222   describe('Creating a user', function () {
 223
 224     it('Should be able to create a new user', async function () {
 225       await createUser({
 226         url: server.url,
 227         accessToken: accessToken,
 228         username: user.username,
 229         password: user.password,
 230         videoQuota: 2 * 1024 * 1024,
 231         adminFlags: UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST
 232       })
 233     })
 234
 235     it('Should be able to login with this user', async function () {
 236       accessTokenUser = await userLogin(server, user)
 237     })
 238
 239     it('Should be able to get user information', async function () {
 240       const res1 = await getMyUserInformation(server.url, accessTokenUser)
 241       const userMe: User = res1.body
 242
 243       const res2 = await getUserInformation(server.url, server.accessToken, userMe.id)
 244       const userGet: User = res2.body
 245
 246       for (const user of [ userMe, userGet ]) {
 247         expect(user.username).to.equal('user_1')
 248         expect(user.email).to.equal('user_1@example.com')
 249         expect(user.nsfwPolicy).to.equal('display')
 250         expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 251         expect(user.roleLabel).to.equal('User')
 252         expect(user.id).to.be.a('number')
 253         expect(user.account.displayName).to.equal('user_1')
 254         expect(user.account.description).to.be.null
 255       }
 256
 257       expect(userMe.adminFlags).to.be.undefined
 258       expect(userGet.adminFlags).to.equal(UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST)
 259     })
 260   })
 261
 262   describe('My videos & quotas', function () {
 263
 264     it('Should be able to upload a video with this user', async function () {
 265       this.timeout(5000)
 266
 267       const videoAttributes = {
 268         name: 'super user video',
 269         fixture: 'video_short.webm'
 270       }
 271       await uploadVideo(server.url, accessTokenUser, videoAttributes)
 272     })
 273
 274     it('Should have video quota updated', async function () {
 275       const res = await getMyUserVideoQuotaUsed(server.url, accessTokenUser)
 276       const data = res.body
 277
 278       expect(data.videoQuotaUsed).to.equal(218910)
 279
 280       const resUsers = await getUsersList(server.url, server.accessToken)
 281
 282       const users: User[] = resUsers.body.data
 283       const tmpUser = users.find(u => u.username === user.username)
 284       expect(tmpUser.videoQuotaUsed).to.equal(218910)
 285     })
 286
 287     it('Should be able to list my videos', async function () {
 288       const res = await getMyVideos(server.url, accessTokenUser, 0, 5)
 289       expect(res.body.total).to.equal(1)
 290
 291       const videos = res.body.data
 292       expect(videos).to.have.lengthOf(1)
 293
 294       const video: Video = videos[ 0 ]
 295       expect(video.name).to.equal('super user video')
 296       expect(video.thumbnailPath).to.not.be.null
 297       expect(video.previewPath).to.not.be.null
 298     })
 299   })
 300
 301   describe('Users listing', function () {
 302
 303     it('Should list all the users', async function () {
 304       const res = await getUsersList(server.url, server.accessToken)
 305       const result = res.body
 306       const total = result.total
 307       const users = result.data
 308
 309       expect(total).to.equal(2)
 310       expect(users).to.be.an('array')
 311       expect(users.length).to.equal(2)
 312
 313       const user = users[ 0 ]
 314       expect(user.username).to.equal('user_1')
 315       expect(user.email).to.equal('user_1@example.com')
 316       expect(user.nsfwPolicy).to.equal('display')
 317
 318       const rootUser = users[ 1 ]
 319       expect(rootUser.username).to.equal('root')
 320       expect(rootUser.email).to.equal('admin' + server.internalServerNumber + '@example.com')
 321       expect(user.nsfwPolicy).to.equal('display')
 322
 323       userId = user.id
 324     })
 325
 326     it('Should list only the first user by username asc', async function () {
 327       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, 'username')
 328
 329       const result = res.body
 330       const total = result.total
 331       const users = result.data
 332
 333       expect(total).to.equal(2)
 334       expect(users.length).to.equal(1)
 335
 336       const user = users[ 0 ]
 337       expect(user.username).to.equal('root')
 338       expect(user.email).to.equal('admin' + server.internalServerNumber + '@example.com')
 339       expect(user.roleLabel).to.equal('Administrator')
 340       expect(user.nsfwPolicy).to.equal('display')
 341     })
 342
 343     it('Should list only the first user by username desc', async function () {
 344       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-username')
 345       const result = res.body
 346       const total = result.total
 347       const users = result.data
 348
 349       expect(total).to.equal(2)
 350       expect(users.length).to.equal(1)
 351
 352       const user = users[ 0 ]
 353       expect(user.username).to.equal('user_1')
 354       expect(user.email).to.equal('user_1@example.com')
 355       expect(user.nsfwPolicy).to.equal('display')
 356     })
 357
 358     it('Should list only the second user by createdAt desc', async function () {
 359       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-createdAt')
 360       const result = res.body
 361       const total = result.total
 362       const users = result.data
 363
 364       expect(total).to.equal(2)
 365       expect(users.length).to.equal(1)
 366
 367       const user = users[ 0 ]
 368       expect(user.username).to.equal('user_1')
 369       expect(user.email).to.equal('user_1@example.com')
 370       expect(user.nsfwPolicy).to.equal('display')
 371     })
 372
 373     it('Should list all the users by createdAt asc', async function () {
 374       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt')
 375       const result = res.body
 376       const total = result.total
 377       const users = result.data
 378
 379       expect(total).to.equal(2)
 380       expect(users.length).to.equal(2)
 381
 382       expect(users[ 0 ].username).to.equal('root')
 383       expect(users[ 0 ].email).to.equal('admin' + server.internalServerNumber + '@example.com')
 384       expect(users[ 0 ].nsfwPolicy).to.equal('display')
 385
 386       expect(users[ 1 ].username).to.equal('user_1')
 387       expect(users[ 1 ].email).to.equal('user_1@example.com')
 388       expect(users[ 1 ].nsfwPolicy).to.equal('display')
 389     })
 390
 391     it('Should search user by username', async function () {
 392       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'oot')
 393       const users = res.body.data as User[]
 394
 395       expect(res.body.total).to.equal(1)
 396       expect(users.length).to.equal(1)
 397
 398       expect(users[ 0 ].username).to.equal('root')
 399     })
 400
 401     it('Should search user by email', async function () {
 402       {
 403         const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'r_1@exam')
 404         const users = res.body.data as User[]
 405
 406         expect(res.body.total).to.equal(1)
 407         expect(users.length).to.equal(1)
 408
 409         expect(users[ 0 ].username).to.equal('user_1')
 410         expect(users[ 0 ].email).to.equal('user_1@example.com')
 411       }
 412
 413       {
 414         const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'example')
 415         const users = res.body.data as User[]
 416
 417         expect(res.body.total).to.equal(2)
 418         expect(users.length).to.equal(2)
 419
 420         expect(users[ 0 ].username).to.equal('root')
 421         expect(users[ 1 ].username).to.equal('user_1')
 422       }
 423     })
 424   })
 425
 426   describe('Update my account', function () {
 427     it('Should update my password', async function () {
 428       await updateMyUser({
 429         url: server.url,
 430         accessToken: accessTokenUser,
 431         currentPassword: 'super password',
 432         newPassword: 'new password'
 433       })
 434       user.password = 'new password'
 435
 436       await userLogin(server, user, 200)
 437     })
 438
 439     it('Should be able to change the NSFW display attribute', async function () {
 440       await updateMyUser({
 441         url: server.url,
 442         accessToken: accessTokenUser,
 443         nsfwPolicy: 'do_not_list'
 444       })
 445
 446       const res = await getMyUserInformation(server.url, accessTokenUser)
 447       const user = res.body
 448
 449       expect(user.username).to.equal('user_1')
 450       expect(user.email).to.equal('user_1@example.com')
 451       expect(user.nsfwPolicy).to.equal('do_not_list')
 452       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 453       expect(user.id).to.be.a('number')
 454       expect(user.account.displayName).to.equal('user_1')
 455       expect(user.account.description).to.be.null
 456     })
 457
 458     it('Should be able to change the autoPlayVideo attribute', async function () {
 459       await updateMyUser({
 460         url: server.url,
 461         accessToken: accessTokenUser,
 462         autoPlayVideo: false
 463       })
 464
 465       const res = await getMyUserInformation(server.url, accessTokenUser)
 466       const user = res.body
 467
 468       expect(user.autoPlayVideo).to.be.false
 469     })
 470
 471     it('Should be able to change the email attribute', async function () {
 472       await updateMyUser({
 473         url: server.url,
 474         accessToken: accessTokenUser,
 475         currentPassword: 'new password',
 476         email: 'updated@example.com'
 477       })
 478
 479       const res = await getMyUserInformation(server.url, accessTokenUser)
 480       const user = res.body
 481
 482       expect(user.username).to.equal('user_1')
 483       expect(user.email).to.equal('updated@example.com')
 484       expect(user.nsfwPolicy).to.equal('do_not_list')
 485       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 486       expect(user.id).to.be.a('number')
 487       expect(user.account.displayName).to.equal('user_1')
 488       expect(user.account.description).to.be.null
 489     })
 490
 491     it('Should be able to update my avatar', async function () {
 492       const fixture = 'avatar.png'
 493
 494       await updateMyAvatar({
 495         url: server.url,
 496         accessToken: accessTokenUser,
 497         fixture
 498       })
 499
 500       const res = await getMyUserInformation(server.url, accessTokenUser)
 501       const user = res.body
 502
 503       await testImage(server.url, 'avatar-resized', user.account.avatar.path, '.png')
 504     })
 505
 506     it('Should be able to update my display name', async function () {
 507       await updateMyUser({
 508         url: server.url,
 509         accessToken: accessTokenUser,
 510         displayName: 'new display name'
 511       })
 512
 513       const res = await getMyUserInformation(server.url, accessTokenUser)
 514       const user = res.body
 515
 516       expect(user.username).to.equal('user_1')
 517       expect(user.email).to.equal('updated@example.com')
 518       expect(user.nsfwPolicy).to.equal('do_not_list')
 519       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 520       expect(user.id).to.be.a('number')
 521       expect(user.account.displayName).to.equal('new display name')
 522       expect(user.account.description).to.be.null
 523     })
 524
 525     it('Should be able to update my description', async function () {
 526       await updateMyUser({
 527         url: server.url,
 528         accessToken: accessTokenUser,
 529         description: 'my super description updated'
 530       })
 531
 532       const res = await getMyUserInformation(server.url, accessTokenUser)
 533       const user = res.body
 534
 535       expect(user.username).to.equal('user_1')
 536       expect(user.email).to.equal('updated@example.com')
 537       expect(user.nsfwPolicy).to.equal('do_not_list')
 538       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 539       expect(user.id).to.be.a('number')
 540       expect(user.account.displayName).to.equal('new display name')
 541       expect(user.account.description).to.equal('my super description updated')
 542     })
 543   })
 544
 545   describe('Updating another user', function () {
 546
 547     it('Should be able to update another user', async function () {
 548       await updateUser({
 549         url: server.url,
 550         userId,
 551         accessToken,
 552         email: 'updated2@example.com',
 553         emailVerified: true,
 554         videoQuota: 42,
 555         role: UserRole.MODERATOR,
 556         adminFlags: UserAdminFlag.NONE
 557       })
 558
 559       const res = await getUserInformation(server.url, accessToken, userId)
 560       const user = res.body
 561
 562       expect(user.username).to.equal('user_1')
 563       expect(user.email).to.equal('updated2@example.com')
 564       expect(user.emailVerified).to.be.true
 565       expect(user.nsfwPolicy).to.equal('do_not_list')
 566       expect(user.videoQuota).to.equal(42)
 567       expect(user.roleLabel).to.equal('Moderator')
 568       expect(user.id).to.be.a('number')
 569       expect(user.adminFlags).to.equal(UserAdminFlag.NONE)
 570     })
 571
 572     it('Should have removed the user token', async function () {
 573       await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401)
 574
 575       accessTokenUser = await userLogin(server, user)
 576     })
 577
 578     it('Should be able to update another user password', async function () {
 579       await updateUser({
 580         url: server.url,
 581         userId,
 582         accessToken,
 583         password: 'password updated'
 584       })
 585
 586       await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401)
 587
 588       await userLogin(server, user, 400)
 589
 590       user.password = 'password updated'
 591       accessTokenUser = await userLogin(server, user)
 592     })
 593   })
 594
 595   describe('Video blacklists', function () {
 596     it('Should be able to list video blacklist by a moderator', async function () {
 597       await getBlacklistedVideosList({ url: server.url, token: accessTokenUser })
 598     })
 599   })
 600
 601   describe('Remove a user', function () {
 602     it('Should be able to remove this user', async function () {
 603       await removeUser(server.url, userId, accessToken)
 604     })
 605
 606     it('Should not be able to login with this user', async function () {
 607       await userLogin(server, user, 400)
 608     })
 609
 610     it('Should not have videos of this user', async function () {
 611       const res = await getVideosList(server.url)
 612
 613       expect(res.body.total).to.equal(1)
 614
 615       const video = res.body.data[ 0 ]
 616       expect(video.account.name).to.equal('root')
 617     })
 618   })
 619
 620   describe('Registering a new user', function () {
 621     it('Should register a new user', async function () {
 622       const user = { displayName: 'super user 15', username: 'user_15', password: 'my super password' }
 623       const channel = { name: 'my_user_15_channel', displayName: 'my channel rocks' }
 624
 625       await registerUserWithChannel({ url: server.url, user, channel })
 626     })
 627
 628     it('Should be able to login with this registered user', async function () {
 629       const user15 = {
 630         username: 'user_15',
 631         password: 'my super password'
 632       }
 633
 634       accessToken = await userLogin(server, user15)
 635     })
 636
 637     it('Should have the correct display name', async function () {
 638       const res = await getMyUserInformation(server.url, accessToken)
 639       const user: User = res.body
 640
 641       expect(user.account.displayName).to.equal('super user 15')
 642     })
 643
 644     it('Should have the correct video quota', async function () {
 645       const res = await getMyUserInformation(server.url, accessToken)
 646       const user = res.body
 647
 648       expect(user.videoQuota).to.equal(5 * 1024 * 1024)
 649     })
 650
 651     it('Should have created the channel', async function () {
 652       const res = await getVideoChannel(server.url, 'my_user_15_channel')
 653
 654       expect(res.body.displayName).to.equal('my channel rocks')
 655     })
 656
 657     it('Should remove me', async function () {
 658       {
 659         const res = await getUsersList(server.url, server.accessToken)
 660         expect(res.body.data.find(u => u.username === 'user_15')).to.not.be.undefined
 661       }
 662
 663       await deleteMe(server.url, accessToken)
 664
 665       {
 666         const res = await getUsersList(server.url, server.accessToken)
 667         expect(res.body.data.find(u => u.username === 'user_15')).to.be.undefined
 668       }
 669     })
 670   })
 671
 672   describe('User blocking', function () {
 673     it('Should block and unblock a user', async function () {
 674       const user16 = {
 675         username: 'user_16',
 676         password: 'my super password'
 677       }
 678       const resUser = await createUser({
 679         url: server.url,
 680         accessToken: server.accessToken,
 681         username: user16.username,
 682         password: user16.password
 683       })
 684       const user16Id = resUser.body.user.id
 685
 686       accessToken = await userLogin(server, user16)
 687
 688       await getMyUserInformation(server.url, accessToken, 200)
 689       await blockUser(server.url, user16Id, server.accessToken)
 690
 691       await getMyUserInformation(server.url, accessToken, 401)
 692       await userLogin(server, user16, 400)
 693
 694       await unblockUser(server.url, user16Id, server.accessToken)
 695       accessToken = await userLogin(server, user16)
 696       await getMyUserInformation(server.url, accessToken, 200)
 697     })
 698   })
 699
 700   after(async function () {
 701     await cleanupTests([ server ])
 702   })
 703 })