server/tests/api/users/users.ts

   1 /* tslint:disable:no-unused-expression */
   2
   3 import * as chai from 'chai'
   4 import 'mocha'
   5 import { User, UserRole } from '../../../../shared/index'
   6 import {
   7   blockUser,
   8   createUser,
   9   deleteMe,
  10   flushTests,
  11   getAccountRatings,
  12   getBlacklistedVideosList,
  13   getMyUserInformation,
  14   getMyUserVideoQuotaUsed,
  15   getMyUserVideoRating,
  16   getUserInformation,
  17   getUsersList,
  18   getUsersListPaginationAndSort,
  19   getVideosList,
  20   killallServers,
  21   login,
  22   makePutBodyRequest,
  23   rateVideo,
  24   registerUser,
  25   removeUser,
  26   removeVideo,
  27   flushAndRunServer,
  28   ServerInfo,
  29   testImage,
  30   unblockUser,
  31   updateMyAvatar,
  32   updateMyUser,
  33   updateUser,
  34   uploadVideo,
  35   userLogin
  36 } from '../../../../shared/extra-utils'
  37 import { follow } from '../../../../shared/extra-utils/server/follows'
  38 import { setAccessTokensToServers } from '../../../../shared/extra-utils/users/login'
  39 import { getMyVideos } from '../../../../shared/extra-utils/videos/videos'
  40 import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
  41
  42 const expect = chai.expect
  43
  44 describe('Test users', function () {
  45   let server: ServerInfo
  46   let accessToken: string
  47   let accessTokenUser: string
  48   let videoId: number
  49   let userId: number
  50   const user = {
  51     username: 'user_1',
  52     password: 'super password'
  53   }
  54
  55   before(async function () {
  56     this.timeout(30000)
  57     server = await flushAndRunServer(1)
  58
  59     await setAccessTokensToServers([ server ])
  60   })
  61
  62   describe('OAuth client', function () {
  63     it('Should create a new client')
  64
  65     it('Should return the first client')
  66
  67     it('Should remove the last client')
  68
  69     it('Should not login with an invalid client id', async function () {
  70       const client = { id: 'client', secret: server.client.secret }
  71       const res = await login(server.url, client, server.user, 400)
  72
  73       expect(res.body.error).to.contain('client is invalid')
  74     })
  75
  76     it('Should not login with an invalid client secret', async function () {
  77       const client = { id: server.client.id, secret: 'coucou' }
  78       const res = await login(server.url, client, server.user, 400)
  79
  80       expect(res.body.error).to.contain('client is invalid')
  81     })
  82   })
  83
  84   describe('Login', function () {
  85
  86     it('Should not login with an invalid username', async function () {
  87       const user = { username: 'captain crochet', password: server.user.password }
  88       const res = await login(server.url, server.client, user, 400)
  89
  90       expect(res.body.error).to.contain('credentials are invalid')
  91     })
  92
  93     it('Should not login with an invalid password', async function () {
  94       const user = { username: server.user.username, password: 'mew_three' }
  95       const res = await login(server.url, server.client, user, 400)
  96
  97       expect(res.body.error).to.contain('credentials are invalid')
  98     })
  99
 100     it('Should not be able to upload a video', async function () {
 101       accessToken = 'my_super_token'
 102
 103       const videoAttributes = {}
 104       await uploadVideo(server.url, accessToken, videoAttributes, 401)
 105     })
 106
 107     it('Should not be able to follow', async function () {
 108       accessToken = 'my_super_token'
 109       await follow(server.url, [ 'http://example.com' ], accessToken, 401)
 110     })
 111
 112     it('Should not be able to unfollow')
 113
 114     it('Should be able to login', async function () {
 115       const res = await login(server.url, server.client, server.user, 200)
 116
 117       accessToken = res.body.access_token
 118     })
 119   })
 120
 121   describe('Upload', function () {
 122
 123     it('Should upload the video with the correct token', async function () {
 124       const videoAttributes = {}
 125       await uploadVideo(server.url, accessToken, videoAttributes)
 126       const res = await getVideosList(server.url)
 127       const video = res.body.data[ 0 ]
 128
 129       expect(video.account.name).to.equal('root')
 130       videoId = video.id
 131     })
 132
 133     it('Should upload the video again with the correct token', async function () {
 134       const videoAttributes = {}
 135       await uploadVideo(server.url, accessToken, videoAttributes)
 136     })
 137   })
 138
 139   describe('Ratings', function () {
 140
 141     it('Should retrieve a video rating', async function () {
 142       await rateVideo(server.url, accessToken, videoId, 'like')
 143       const res = await getMyUserVideoRating(server.url, accessToken, videoId)
 144       const rating = res.body
 145
 146       expect(rating.videoId).to.equal(videoId)
 147       expect(rating.rating).to.equal('like')
 148     })
 149
 150     it('Should retrieve ratings list', async function () {
 151       await rateVideo(server.url, accessToken, videoId, 'like')
 152
 153       const res = await getAccountRatings(server.url, server.user.username, server.accessToken, null, 200)
 154       const ratings = res.body
 155
 156       expect(ratings.total).to.equal(1)
 157       expect(ratings.data[ 0 ].video.id).to.equal(videoId)
 158       expect(ratings.data[ 0 ].rating).to.equal('like')
 159     })
 160
 161     it('Should retrieve ratings list by rating type', async function () {
 162       {
 163         const res = await getAccountRatings(server.url, server.user.username, server.accessToken, 'like')
 164         const ratings = res.body
 165         expect(ratings.data.length).to.equal(1)
 166       }
 167
 168       {
 169         const res = await getAccountRatings(server.url, server.user.username, server.accessToken, 'dislike')
 170         const ratings = res.body
 171         expect(ratings.data.length).to.equal(0)
 172       }
 173     })
 174   })
 175
 176   describe('Remove video', function () {
 177     it('Should not be able to remove the video with an incorrect token', async function () {
 178       await removeVideo(server.url, 'bad_token', videoId, 401)
 179     })
 180
 181     it('Should not be able to remove the video with the token of another account')
 182
 183     it('Should be able to remove the video with the correct token', async function () {
 184       await removeVideo(server.url, accessToken, videoId)
 185     })
 186   })
 187
 188   describe('Logout', function () {
 189     it('Should logout (revoke token)')
 190
 191     it('Should not be able to get the user information')
 192
 193     it('Should not be able to upload a video')
 194
 195     it('Should not be able to remove a video')
 196
 197     it('Should not be able to rate a video', async function () {
 198       const path = '/api/v1/videos/'
 199       const data = {
 200         rating: 'likes'
 201       }
 202
 203       const options = {
 204         url: server.url,
 205         path: path + videoId,
 206         token: 'wrong token',
 207         fields: data,
 208         statusCodeExpected: 401
 209       }
 210       await makePutBodyRequest(options)
 211     })
 212
 213     it('Should be able to login again')
 214
 215     it('Should have an expired access token')
 216
 217     it('Should refresh the token')
 218
 219     it('Should be able to upload a video again')
 220   })
 221
 222   describe('Creating a user', function () {
 223
 224     it('Should be able to create a new user', async function () {
 225       await createUser({
 226         url: server.url,
 227         accessToken: accessToken,
 228         username: user.username,
 229         password: user.password,
 230         videoQuota: 2 * 1024 * 1024,
 231         adminFlags: UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST
 232       })
 233     })
 234
 235     it('Should be able to login with this user', async function () {
 236       accessTokenUser = await userLogin(server, user)
 237     })
 238
 239     it('Should be able to get user information', async function () {
 240       const res1 = await getMyUserInformation(server.url, accessTokenUser)
 241       const userMe: User = res1.body
 242
 243       const res2 = await getUserInformation(server.url, server.accessToken, userMe.id)
 244       const userGet: User = res2.body
 245
 246       for (const user of [ userMe, userGet ]) {
 247         expect(user.username).to.equal('user_1')
 248         expect(user.email).to.equal('user_1@example.com')
 249         expect(user.nsfwPolicy).to.equal('display')
 250         expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 251         expect(user.roleLabel).to.equal('User')
 252         expect(user.id).to.be.a('number')
 253         expect(user.account.displayName).to.equal('user_1')
 254         expect(user.account.description).to.be.null
 255       }
 256
 257       expect(userMe.adminFlags).to.be.undefined
 258       expect(userGet.adminFlags).to.equal(UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST)
 259     })
 260   })
 261
 262   describe('My videos & quotas', function () {
 263
 264     it('Should be able to upload a video with this user', async function () {
 265       this.timeout(5000)
 266
 267       const videoAttributes = {
 268         name: 'super user video',
 269         fixture: 'video_short.webm'
 270       }
 271       await uploadVideo(server.url, accessTokenUser, videoAttributes)
 272     })
 273
 274     it('Should have video quota updated', async function () {
 275       const res = await getMyUserVideoQuotaUsed(server.url, accessTokenUser)
 276       const data = res.body
 277
 278       expect(data.videoQuotaUsed).to.equal(218910)
 279
 280       const resUsers = await getUsersList(server.url, server.accessToken)
 281
 282       const users: User[] = resUsers.body.data
 283       const tmpUser = users.find(u => u.username === user.username)
 284       expect(tmpUser.videoQuotaUsed).to.equal(218910)
 285     })
 286
 287     it('Should be able to list my videos', async function () {
 288       const res = await getMyVideos(server.url, accessTokenUser, 0, 5)
 289       expect(res.body.total).to.equal(1)
 290
 291       const videos = res.body.data
 292       expect(videos).to.have.lengthOf(1)
 293
 294       expect(videos[ 0 ].name).to.equal('super user video')
 295     })
 296   })
 297
 298   describe('Users listing', function () {
 299
 300     it('Should list all the users', async function () {
 301       const res = await getUsersList(server.url, server.accessToken)
 302       const result = res.body
 303       const total = result.total
 304       const users = result.data
 305
 306       expect(total).to.equal(2)
 307       expect(users).to.be.an('array')
 308       expect(users.length).to.equal(2)
 309
 310       const user = users[ 0 ]
 311       expect(user.username).to.equal('user_1')
 312       expect(user.email).to.equal('user_1@example.com')
 313       expect(user.nsfwPolicy).to.equal('display')
 314
 315       const rootUser = users[ 1 ]
 316       expect(rootUser.username).to.equal('root')
 317       expect(rootUser.email).to.equal('admin1@example.com')
 318       expect(user.nsfwPolicy).to.equal('display')
 319
 320       userId = user.id
 321     })
 322
 323     it('Should list only the first user by username asc', async function () {
 324       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, 'username')
 325
 326       const result = res.body
 327       const total = result.total
 328       const users = result.data
 329
 330       expect(total).to.equal(2)
 331       expect(users.length).to.equal(1)
 332
 333       const user = users[ 0 ]
 334       expect(user.username).to.equal('root')
 335       expect(user.email).to.equal('admin1@example.com')
 336       expect(user.roleLabel).to.equal('Administrator')
 337       expect(user.nsfwPolicy).to.equal('display')
 338     })
 339
 340     it('Should list only the first user by username desc', async function () {
 341       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-username')
 342       const result = res.body
 343       const total = result.total
 344       const users = result.data
 345
 346       expect(total).to.equal(2)
 347       expect(users.length).to.equal(1)
 348
 349       const user = users[ 0 ]
 350       expect(user.username).to.equal('user_1')
 351       expect(user.email).to.equal('user_1@example.com')
 352       expect(user.nsfwPolicy).to.equal('display')
 353     })
 354
 355     it('Should list only the second user by createdAt desc', async function () {
 356       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-createdAt')
 357       const result = res.body
 358       const total = result.total
 359       const users = result.data
 360
 361       expect(total).to.equal(2)
 362       expect(users.length).to.equal(1)
 363
 364       const user = users[ 0 ]
 365       expect(user.username).to.equal('user_1')
 366       expect(user.email).to.equal('user_1@example.com')
 367       expect(user.nsfwPolicy).to.equal('display')
 368     })
 369
 370     it('Should list all the users by createdAt asc', async function () {
 371       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt')
 372       const result = res.body
 373       const total = result.total
 374       const users = result.data
 375
 376       expect(total).to.equal(2)
 377       expect(users.length).to.equal(2)
 378
 379       expect(users[ 0 ].username).to.equal('root')
 380       expect(users[ 0 ].email).to.equal('admin1@example.com')
 381       expect(users[ 0 ].nsfwPolicy).to.equal('display')
 382
 383       expect(users[ 1 ].username).to.equal('user_1')
 384       expect(users[ 1 ].email).to.equal('user_1@example.com')
 385       expect(users[ 1 ].nsfwPolicy).to.equal('display')
 386     })
 387
 388     it('Should search user by username', async function () {
 389       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'oot')
 390       const users = res.body.data as User[]
 391
 392       expect(res.body.total).to.equal(1)
 393       expect(users.length).to.equal(1)
 394
 395       expect(users[ 0 ].username).to.equal('root')
 396     })
 397
 398     it('Should search user by email', async function () {
 399       {
 400         const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'r_1@exam')
 401         const users = res.body.data as User[]
 402
 403         expect(res.body.total).to.equal(1)
 404         expect(users.length).to.equal(1)
 405
 406         expect(users[ 0 ].username).to.equal('user_1')
 407         expect(users[ 0 ].email).to.equal('user_1@example.com')
 408       }
 409
 410       {
 411         const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'example')
 412         const users = res.body.data as User[]
 413
 414         expect(res.body.total).to.equal(2)
 415         expect(users.length).to.equal(2)
 416
 417         expect(users[ 0 ].username).to.equal('root')
 418         expect(users[ 1 ].username).to.equal('user_1')
 419       }
 420     })
 421   })
 422
 423   describe('Update my account', function () {
 424     it('Should update my password', async function () {
 425       await updateMyUser({
 426         url: server.url,
 427         accessToken: accessTokenUser,
 428         currentPassword: 'super password',
 429         newPassword: 'new password'
 430       })
 431       user.password = 'new password'
 432
 433       await userLogin(server, user, 200)
 434     })
 435
 436     it('Should be able to change the NSFW display attribute', async function () {
 437       await updateMyUser({
 438         url: server.url,
 439         accessToken: accessTokenUser,
 440         nsfwPolicy: 'do_not_list'
 441       })
 442
 443       const res = await getMyUserInformation(server.url, accessTokenUser)
 444       const user = res.body
 445
 446       expect(user.username).to.equal('user_1')
 447       expect(user.email).to.equal('user_1@example.com')
 448       expect(user.nsfwPolicy).to.equal('do_not_list')
 449       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 450       expect(user.id).to.be.a('number')
 451       expect(user.account.displayName).to.equal('user_1')
 452       expect(user.account.description).to.be.null
 453     })
 454
 455     it('Should be able to change the autoPlayVideo attribute', async function () {
 456       await updateMyUser({
 457         url: server.url,
 458         accessToken: accessTokenUser,
 459         autoPlayVideo: false
 460       })
 461
 462       const res = await getMyUserInformation(server.url, accessTokenUser)
 463       const user = res.body
 464
 465       expect(user.autoPlayVideo).to.be.false
 466     })
 467
 468     it('Should be able to change the email display attribute', async function () {
 469       await updateMyUser({
 470         url: server.url,
 471         accessToken: accessTokenUser,
 472         email: 'updated@example.com'
 473       })
 474
 475       const res = await getMyUserInformation(server.url, accessTokenUser)
 476       const user = res.body
 477
 478       expect(user.username).to.equal('user_1')
 479       expect(user.email).to.equal('updated@example.com')
 480       expect(user.nsfwPolicy).to.equal('do_not_list')
 481       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 482       expect(user.id).to.be.a('number')
 483       expect(user.account.displayName).to.equal('user_1')
 484       expect(user.account.description).to.be.null
 485     })
 486
 487     it('Should be able to update my avatar', async function () {
 488       const fixture = 'avatar.png'
 489
 490       await updateMyAvatar({
 491         url: server.url,
 492         accessToken: accessTokenUser,
 493         fixture
 494       })
 495
 496       const res = await getMyUserInformation(server.url, accessTokenUser)
 497       const user = res.body
 498
 499       await testImage(server.url, 'avatar-resized', user.account.avatar.path, '.png')
 500     })
 501
 502     it('Should be able to update my display name', async function () {
 503       await updateMyUser({
 504         url: server.url,
 505         accessToken: accessTokenUser,
 506         displayName: 'new display name'
 507       })
 508
 509       const res = await getMyUserInformation(server.url, accessTokenUser)
 510       const user = res.body
 511
 512       expect(user.username).to.equal('user_1')
 513       expect(user.email).to.equal('updated@example.com')
 514       expect(user.nsfwPolicy).to.equal('do_not_list')
 515       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 516       expect(user.id).to.be.a('number')
 517       expect(user.account.displayName).to.equal('new display name')
 518       expect(user.account.description).to.be.null
 519     })
 520
 521     it('Should be able to update my description', async function () {
 522       await updateMyUser({
 523         url: server.url,
 524         accessToken: accessTokenUser,
 525         description: 'my super description updated'
 526       })
 527
 528       const res = await getMyUserInformation(server.url, accessTokenUser)
 529       const user = res.body
 530
 531       expect(user.username).to.equal('user_1')
 532       expect(user.email).to.equal('updated@example.com')
 533       expect(user.nsfwPolicy).to.equal('do_not_list')
 534       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 535       expect(user.id).to.be.a('number')
 536       expect(user.account.displayName).to.equal('new display name')
 537       expect(user.account.description).to.equal('my super description updated')
 538     })
 539   })
 540
 541   describe('Updating another user', function () {
 542
 543     it('Should be able to update another user', async function () {
 544       await updateUser({
 545         url: server.url,
 546         userId,
 547         accessToken,
 548         email: 'updated2@example.com',
 549         emailVerified: true,
 550         videoQuota: 42,
 551         role: UserRole.MODERATOR,
 552         adminFlags: UserAdminFlag.NONE
 553       })
 554
 555       const res = await getUserInformation(server.url, accessToken, userId)
 556       const user = res.body
 557
 558       expect(user.username).to.equal('user_1')
 559       expect(user.email).to.equal('updated2@example.com')
 560       expect(user.emailVerified).to.be.true
 561       expect(user.nsfwPolicy).to.equal('do_not_list')
 562       expect(user.videoQuota).to.equal(42)
 563       expect(user.roleLabel).to.equal('Moderator')
 564       expect(user.id).to.be.a('number')
 565       expect(user.adminFlags).to.equal(UserAdminFlag.NONE)
 566     })
 567
 568     it('Should have removed the user token', async function () {
 569       await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401)
 570
 571       accessTokenUser = await userLogin(server, user)
 572     })
 573
 574     it('Should be able to update another user password', async function () {
 575       await updateUser({
 576         url: server.url,
 577         userId,
 578         accessToken,
 579         password: 'password updated'
 580       })
 581
 582       await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401)
 583
 584       await userLogin(server, user, 400)
 585
 586       user.password = 'password updated'
 587       accessTokenUser = await userLogin(server, user)
 588     })
 589   })
 590
 591   describe('Video blacklists', function () {
 592     it('Should be able to list video blacklist by a moderator', async function () {
 593       await getBlacklistedVideosList({ url: server.url, token: accessTokenUser })
 594     })
 595   })
 596
 597   describe('Remove a user', function () {
 598     it('Should be able to remove this user', async function () {
 599       await removeUser(server.url, userId, accessToken)
 600     })
 601
 602     it('Should not be able to login with this user', async function () {
 603       await userLogin(server, user, 400)
 604     })
 605
 606     it('Should not have videos of this user', async function () {
 607       const res = await getVideosList(server.url)
 608
 609       expect(res.body.total).to.equal(1)
 610
 611       const video = res.body.data[ 0 ]
 612       expect(video.account.name).to.equal('root')
 613     })
 614   })
 615
 616   describe('Registering a new user', function () {
 617     it('Should register a new user', async function () {
 618       await registerUser(server.url, 'user_15', 'my super password')
 619     })
 620
 621     it('Should be able to login with this registered user', async function () {
 622       const user15 = {
 623         username: 'user_15',
 624         password: 'my super password'
 625       }
 626
 627       accessToken = await userLogin(server, user15)
 628     })
 629
 630     it('Should have the correct video quota', async function () {
 631       const res = await getMyUserInformation(server.url, accessToken)
 632       const user = res.body
 633
 634       expect(user.videoQuota).to.equal(5 * 1024 * 1024)
 635     })
 636
 637     it('Should remove me', async function () {
 638       {
 639         const res = await getUsersList(server.url, server.accessToken)
 640         expect(res.body.data.find(u => u.username === 'user_15')).to.not.be.undefined
 641       }
 642
 643       await deleteMe(server.url, accessToken)
 644
 645       {
 646         const res = await getUsersList(server.url, server.accessToken)
 647         expect(res.body.data.find(u => u.username === 'user_15')).to.be.undefined
 648       }
 649     })
 650   })
 651
 652   describe('User blocking', function () {
 653     it('Should block and unblock a user', async function () {
 654       const user16 = {
 655         username: 'user_16',
 656         password: 'my super password'
 657       }
 658       const resUser = await createUser({
 659         url: server.url,
 660         accessToken: server.accessToken,
 661         username: user16.username,
 662         password: user16.password
 663       })
 664       const user16Id = resUser.body.user.id
 665
 666       accessToken = await userLogin(server, user16)
 667
 668       await getMyUserInformation(server.url, accessToken, 200)
 669       await blockUser(server.url, user16Id, server.accessToken)
 670
 671       await getMyUserInformation(server.url, accessToken, 401)
 672       await userLogin(server, user16, 400)
 673
 674       await unblockUser(server.url, user16Id, server.accessToken)
 675       accessToken = await userLogin(server, user16)
 676       await getMyUserInformation(server.url, accessToken, 200)
 677     })
 678   })
 679
 680   after(function () {
 681     killallServers([ server ])
 682   })
 683 })