server/tests/api/users/users.ts

   1 /* tslint:disable:no-unused-expression */
   2
   3 import * as chai from 'chai'
   4 import 'mocha'
   5 import { User, UserRole } from '../../../../shared/index'
   6 import {
   7   blockUser,
   8   createUser,
   9   deleteMe,
  10   flushTests,
  11   getAccountRatings,
  12   getBlacklistedVideosList,
  13   getMyUserInformation,
  14   getMyUserVideoQuotaUsed,
  15   getMyUserVideoRating,
  16   getUserInformation,
  17   getUsersList,
  18   getUsersListPaginationAndSort,
  19   getVideosList,
  20   killallServers,
  21   login,
  22   makePutBodyRequest,
  23   rateVideo,
  24   registerUser,
  25   removeUser,
  26   removeVideo,
  27   runServer,
  28   ServerInfo,
  29   testImage,
  30   unblockUser,
  31   updateMyAvatar,
  32   updateMyUser,
  33   updateUser,
  34   uploadVideo,
  35   userLogin
  36 } from '../../../../shared/utils'
  37 import { follow } from '../../../../shared/utils/server/follows'
  38 import { setAccessTokensToServers } from '../../../../shared/utils/users/login'
  39 import { getMyVideos } from '../../../../shared/utils/videos/videos'
  40
  41 const expect = chai.expect
  42
  43 describe('Test users', function () {
  44   let server: ServerInfo
  45   let accessToken: string
  46   let accessTokenUser: string
  47   let videoId: number
  48   let userId: number
  49   const user = {
  50     username: 'user_1',
  51     password: 'super password'
  52   }
  53
  54   before(async function () {
  55     this.timeout(30000)
  56
  57     await flushTests()
  58     server = await runServer(1)
  59
  60     await setAccessTokensToServers([ server ])
  61   })
  62
  63   it('Should create a new client')
  64
  65   it('Should return the first client')
  66
  67   it('Should remove the last client')
  68
  69   it('Should not login with an invalid client id', async function () {
  70     const client = { id: 'client', secret: server.client.secret }
  71     const res = await login(server.url, client, server.user, 400)
  72
  73     expect(res.body.error).to.contain('client is invalid')
  74   })
  75
  76   it('Should not login with an invalid client secret', async function () {
  77     const client = { id: server.client.id, secret: 'coucou' }
  78     const res = await login(server.url, client, server.user, 400)
  79
  80     expect(res.body.error).to.contain('client is invalid')
  81   })
  82
  83   it('Should not login with an invalid username', async function () {
  84     const user = { username: 'captain crochet', password: server.user.password }
  85     const res = await login(server.url, server.client, user, 400)
  86
  87     expect(res.body.error).to.contain('credentials are invalid')
  88   })
  89
  90   it('Should not login with an invalid password', async function () {
  91     const user = { username: server.user.username, password: 'mew_three' }
  92     const res = await login(server.url, server.client, user, 400)
  93
  94     expect(res.body.error).to.contain('credentials are invalid')
  95   })
  96
  97   it('Should not be able to upload a video', async function () {
  98     accessToken = 'my_super_token'
  99
 100     const videoAttributes = {}
 101     await uploadVideo(server.url, accessToken, videoAttributes, 401)
 102   })
 103
 104   it('Should not be able to follow', async function () {
 105     accessToken = 'my_super_token'
 106     await follow(server.url, [ 'http://example.com' ], accessToken, 401)
 107   })
 108
 109   it('Should not be able to unfollow')
 110
 111   it('Should be able to login', async function () {
 112     const res = await login(server.url, server.client, server.user, 200)
 113
 114     accessToken = res.body.access_token
 115   })
 116
 117   it('Should upload the video with the correct token', async function () {
 118     const videoAttributes = {}
 119     await uploadVideo(server.url, accessToken, videoAttributes)
 120     const res = await getVideosList(server.url)
 121     const video = res.body.data[ 0 ]
 122
 123     expect(video.account.name).to.equal('root')
 124     videoId = video.id
 125   })
 126
 127   it('Should upload the video again with the correct token', async function () {
 128     const videoAttributes = {}
 129     await uploadVideo(server.url, accessToken, videoAttributes)
 130   })
 131
 132   it('Should retrieve a video rating', async function () {
 133     await rateVideo(server.url, accessToken, videoId, 'like')
 134     const res = await getMyUserVideoRating(server.url, accessToken, videoId)
 135     const rating = res.body
 136
 137     expect(rating.videoId).to.equal(videoId)
 138     expect(rating.rating).to.equal('like')
 139   })
 140
 141   it('Should retrieve ratings list', async function () {
 142     await rateVideo(server.url, accessToken, videoId, 'like')
 143     const res = await getAccountRatings(server.url, server.user.username, server.accessToken, 200)
 144     const ratings = res.body
 145
 146     expect(ratings.data[0].video.id).to.equal(videoId)
 147     expect(ratings.data[0].rating).to.equal('like')
 148   })
 149
 150   it('Should retrieve ratings list by rating type', async function () {
 151     await rateVideo(server.url, accessToken, videoId, 'like')
 152     let res = await getAccountRatings(server.url, server.user.username, server.accessToken, 200, { rating: 'like' })
 153     let ratings = res.body
 154     expect(ratings.data.length).to.equal(1)
 155     res = await getAccountRatings(server.url, server.user.username, server.accessToken, 200, { rating: 'dislike' })
 156     ratings = res.body
 157     expect(ratings.data.length).to.equal(0)
 158     await getAccountRatings(server.url, server.user.username, server.accessToken, 400, { rating: 'invalid' })
 159   })
 160
 161   it('Should not access ratings list if not logged with correct user', async function () {
 162     const user = { username: 'anuragh', password: 'passbyme' }
 163     const resUser = await createUser(server.url, server.accessToken, user.username, user.password)
 164     const userId = resUser.body.user.id
 165     const userAccessToken = await userLogin(server, user)
 166     await getAccountRatings(server.url, server.user.username, userAccessToken, 403)
 167     await removeUser(server.url, userId, server.accessToken)
 168   })
 169
 170   it('Should not be able to remove the video with an incorrect token', async function () {
 171     await removeVideo(server.url, 'bad_token', videoId, 401)
 172   })
 173
 174   it('Should not be able to remove the video with the token of another account')
 175
 176   it('Should be able to remove the video with the correct token', async function () {
 177     await removeVideo(server.url, accessToken, videoId)
 178   })
 179
 180   it('Should logout (revoke token)')
 181
 182   it('Should not be able to get the user information')
 183
 184   it('Should not be able to upload a video')
 185
 186   it('Should not be able to remove a video')
 187
 188   it('Should not be able to rate a video', async function () {
 189     const path = '/api/v1/videos/'
 190     const data = {
 191       rating: 'likes'
 192     }
 193
 194     const options = {
 195       url: server.url,
 196       path: path + videoId,
 197       token: 'wrong token',
 198       fields: data,
 199       statusCodeExpected: 401
 200     }
 201     await makePutBodyRequest(options)
 202   })
 203
 204   it('Should be able to login again')
 205
 206   it('Should have an expired access token')
 207
 208   it('Should refresh the token')
 209
 210   it('Should be able to upload a video again')
 211
 212   it('Should be able to create a new user', async function () {
 213     await createUser(server.url, accessToken, user.username, user.password, 2 * 1024 * 1024)
 214   })
 215
 216   it('Should be able to login with this user', async function () {
 217     accessTokenUser = await userLogin(server, user)
 218   })
 219
 220   it('Should be able to get the user information', async function () {
 221     const res = await getMyUserInformation(server.url, accessTokenUser)
 222     const user = res.body
 223
 224     expect(user.username).to.equal('user_1')
 225     expect(user.email).to.equal('user_1@example.com')
 226     expect(user.nsfwPolicy).to.equal('display')
 227     expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 228     expect(user.roleLabel).to.equal('User')
 229     expect(user.id).to.be.a('number')
 230     expect(user.account.displayName).to.equal('user_1')
 231     expect(user.account.description).to.be.null
 232   })
 233
 234   it('Should be able to upload a video with this user', async function () {
 235     this.timeout(5000)
 236
 237     const videoAttributes = {
 238       name: 'super user video',
 239       fixture: 'video_short.webm'
 240     }
 241     await uploadVideo(server.url, accessTokenUser, videoAttributes)
 242   })
 243
 244   it('Should have video quota updated', async function () {
 245     const res = await getMyUserVideoQuotaUsed(server.url, accessTokenUser)
 246     const data = res.body
 247
 248     expect(data.videoQuotaUsed).to.equal(218910)
 249
 250     const resUsers = await getUsersList(server.url, server.accessToken)
 251
 252     const users: User[] = resUsers.body.data
 253     const tmpUser = users.find(u => u.username === user.username)
 254     expect(tmpUser.videoQuotaUsed).to.equal(218910)
 255   })
 256
 257   it('Should be able to list my videos', async function () {
 258     const res = await getMyVideos(server.url, accessTokenUser, 0, 5)
 259     expect(res.body.total).to.equal(1)
 260
 261     const videos = res.body.data
 262     expect(videos).to.have.lengthOf(1)
 263
 264     expect(videos[ 0 ].name).to.equal('super user video')
 265   })
 266
 267   it('Should list all the users', async function () {
 268     const res = await getUsersList(server.url, server.accessToken)
 269     const result = res.body
 270     const total = result.total
 271     const users = result.data
 272
 273     expect(total).to.equal(2)
 274     expect(users).to.be.an('array')
 275     expect(users.length).to.equal(2)
 276
 277     const user = users[ 0 ]
 278     expect(user.username).to.equal('user_1')
 279     expect(user.email).to.equal('user_1@example.com')
 280     expect(user.nsfwPolicy).to.equal('display')
 281
 282     const rootUser = users[ 1 ]
 283     expect(rootUser.username).to.equal('root')
 284     expect(rootUser.email).to.equal('admin1@example.com')
 285     expect(user.nsfwPolicy).to.equal('display')
 286
 287     userId = user.id
 288   })
 289
 290   it('Should list only the first user by username asc', async function () {
 291     const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, 'username')
 292
 293     const result = res.body
 294     const total = result.total
 295     const users = result.data
 296
 297     expect(total).to.equal(2)
 298     expect(users.length).to.equal(1)
 299
 300     const user = users[ 0 ]
 301     expect(user.username).to.equal('root')
 302     expect(user.email).to.equal('admin1@example.com')
 303     expect(user.roleLabel).to.equal('Administrator')
 304     expect(user.nsfwPolicy).to.equal('display')
 305   })
 306
 307   it('Should list only the first user by username desc', async function () {
 308     const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-username')
 309     const result = res.body
 310     const total = result.total
 311     const users = result.data
 312
 313     expect(total).to.equal(2)
 314     expect(users.length).to.equal(1)
 315
 316     const user = users[ 0 ]
 317     expect(user.username).to.equal('user_1')
 318     expect(user.email).to.equal('user_1@example.com')
 319     expect(user.nsfwPolicy).to.equal('display')
 320   })
 321
 322   it('Should list only the second user by createdAt desc', async function () {
 323     const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-createdAt')
 324     const result = res.body
 325     const total = result.total
 326     const users = result.data
 327
 328     expect(total).to.equal(2)
 329     expect(users.length).to.equal(1)
 330
 331     const user = users[ 0 ]
 332     expect(user.username).to.equal('user_1')
 333     expect(user.email).to.equal('user_1@example.com')
 334     expect(user.nsfwPolicy).to.equal('display')
 335   })
 336
 337   it('Should list all the users by createdAt asc', async function () {
 338     const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt')
 339     const result = res.body
 340     const total = result.total
 341     const users = result.data
 342
 343     expect(total).to.equal(2)
 344     expect(users.length).to.equal(2)
 345
 346     expect(users[ 0 ].username).to.equal('root')
 347     expect(users[ 0 ].email).to.equal('admin1@example.com')
 348     expect(users[ 0 ].nsfwPolicy).to.equal('display')
 349
 350     expect(users[ 1 ].username).to.equal('user_1')
 351     expect(users[ 1 ].email).to.equal('user_1@example.com')
 352     expect(users[ 1 ].nsfwPolicy).to.equal('display')
 353   })
 354
 355   it('Should search user by username', async function () {
 356     const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'oot')
 357     const users = res.body.data as User[]
 358
 359     expect(res.body.total).to.equal(1)
 360     expect(users.length).to.equal(1)
 361
 362     expect(users[ 0 ].username).to.equal('root')
 363   })
 364
 365   it('Should search user by email', async function () {
 366     {
 367       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'r_1@exam')
 368       const users = res.body.data as User[]
 369
 370       expect(res.body.total).to.equal(1)
 371       expect(users.length).to.equal(1)
 372
 373       expect(users[ 0 ].username).to.equal('user_1')
 374       expect(users[ 0 ].email).to.equal('user_1@example.com')
 375     }
 376
 377     {
 378       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'example')
 379       const users = res.body.data as User[]
 380
 381       expect(res.body.total).to.equal(2)
 382       expect(users.length).to.equal(2)
 383
 384       expect(users[ 0 ].username).to.equal('root')
 385       expect(users[ 1 ].username).to.equal('user_1')
 386     }
 387   })
 388
 389   it('Should update my password', async function () {
 390     await updateMyUser({
 391       url: server.url,
 392       accessToken: accessTokenUser,
 393       currentPassword: 'super password',
 394       newPassword: 'new password'
 395     })
 396     user.password = 'new password'
 397
 398     await userLogin(server, user, 200)
 399   })
 400
 401   it('Should be able to change the NSFW display attribute', async function () {
 402     await updateMyUser({
 403       url: server.url,
 404       accessToken: accessTokenUser,
 405       nsfwPolicy: 'do_not_list'
 406     })
 407
 408     const res = await getMyUserInformation(server.url, accessTokenUser)
 409     const user = res.body
 410
 411     expect(user.username).to.equal('user_1')
 412     expect(user.email).to.equal('user_1@example.com')
 413     expect(user.nsfwPolicy).to.equal('do_not_list')
 414     expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 415     expect(user.id).to.be.a('number')
 416     expect(user.account.displayName).to.equal('user_1')
 417     expect(user.account.description).to.be.null
 418   })
 419
 420   it('Should be able to change the autoPlayVideo attribute', async function () {
 421     await updateMyUser({
 422       url: server.url,
 423       accessToken: accessTokenUser,
 424       autoPlayVideo: false
 425     })
 426
 427     const res = await getMyUserInformation(server.url, accessTokenUser)
 428     const user = res.body
 429
 430     expect(user.autoPlayVideo).to.be.false
 431   })
 432
 433   it('Should be able to change the email display attribute', async function () {
 434     await updateMyUser({
 435       url: server.url,
 436       accessToken: accessTokenUser,
 437       email: 'updated@example.com'
 438     })
 439
 440     const res = await getMyUserInformation(server.url, accessTokenUser)
 441     const user = res.body
 442
 443     expect(user.username).to.equal('user_1')
 444     expect(user.email).to.equal('updated@example.com')
 445     expect(user.nsfwPolicy).to.equal('do_not_list')
 446     expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 447     expect(user.id).to.be.a('number')
 448     expect(user.account.displayName).to.equal('user_1')
 449     expect(user.account.description).to.be.null
 450   })
 451
 452   it('Should be able to update my avatar', async function () {
 453     const fixture = 'avatar.png'
 454
 455     await updateMyAvatar({
 456       url: server.url,
 457       accessToken: accessTokenUser,
 458       fixture
 459     })
 460
 461     const res = await getMyUserInformation(server.url, accessTokenUser)
 462     const user = res.body
 463
 464     await testImage(server.url, 'avatar-resized', user.account.avatar.path, '.png')
 465   })
 466
 467   it('Should be able to update my display name', async function () {
 468     await updateMyUser({
 469       url: server.url,
 470       accessToken: accessTokenUser,
 471       displayName: 'new display name'
 472     })
 473
 474     const res = await getMyUserInformation(server.url, accessTokenUser)
 475     const user = res.body
 476
 477     expect(user.username).to.equal('user_1')
 478     expect(user.email).to.equal('updated@example.com')
 479     expect(user.nsfwPolicy).to.equal('do_not_list')
 480     expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 481     expect(user.id).to.be.a('number')
 482     expect(user.account.displayName).to.equal('new display name')
 483     expect(user.account.description).to.be.null
 484   })
 485
 486   it('Should be able to update my description', async function () {
 487     await updateMyUser({
 488       url: server.url,
 489       accessToken: accessTokenUser,
 490       description: 'my super description updated'
 491     })
 492
 493     const res = await getMyUserInformation(server.url, accessTokenUser)
 494     const user = res.body
 495
 496     expect(user.username).to.equal('user_1')
 497     expect(user.email).to.equal('updated@example.com')
 498     expect(user.nsfwPolicy).to.equal('do_not_list')
 499     expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 500     expect(user.id).to.be.a('number')
 501     expect(user.account.displayName).to.equal('new display name')
 502     expect(user.account.description).to.equal('my super description updated')
 503   })
 504
 505   it('Should be able to update another user', async function () {
 506     await updateUser({
 507       url: server.url,
 508       userId,
 509       accessToken,
 510       email: 'updated2@example.com',
 511       emailVerified: true,
 512       videoQuota: 42,
 513       role: UserRole.MODERATOR
 514     })
 515
 516     const res = await getUserInformation(server.url, accessToken, userId)
 517     const user = res.body
 518
 519     expect(user.username).to.equal('user_1')
 520     expect(user.email).to.equal('updated2@example.com')
 521     expect(user.emailVerified).to.be.true
 522     expect(user.nsfwPolicy).to.equal('do_not_list')
 523     expect(user.videoQuota).to.equal(42)
 524     expect(user.roleLabel).to.equal('Moderator')
 525     expect(user.id).to.be.a('number')
 526   })
 527
 528   it('Should have removed the user token', async function () {
 529     await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401)
 530
 531     accessTokenUser = await userLogin(server, user)
 532   })
 533
 534   it('Should be able to update another user password', async function () {
 535     await updateUser({
 536       url: server.url,
 537       userId,
 538       accessToken,
 539       password: 'password updated'
 540     })
 541
 542     await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401)
 543
 544     await userLogin(server, user, 400)
 545
 546     user.password = 'password updated'
 547     accessTokenUser = await userLogin(server, user)
 548   })
 549
 550   it('Should be able to list video blacklist by a moderator', async function () {
 551     await getBlacklistedVideosList(server.url, accessTokenUser)
 552   })
 553
 554   it('Should be able to remove this user', async function () {
 555     await removeUser(server.url, userId, accessToken)
 556   })
 557
 558   it('Should not be able to login with this user', async function () {
 559     await userLogin(server, user, 400)
 560   })
 561
 562   it('Should not have videos of this user', async function () {
 563     const res = await getVideosList(server.url)
 564
 565     expect(res.body.total).to.equal(1)
 566
 567     const video = res.body.data[ 0 ]
 568     expect(video.account.name).to.equal('root')
 569   })
 570
 571   it('Should register a new user', async function () {
 572     await registerUser(server.url, 'user_15', 'my super password')
 573   })
 574
 575   it('Should be able to login with this registered user', async function () {
 576     const user15 = {
 577       username: 'user_15',
 578       password: 'my super password'
 579     }
 580
 581     accessToken = await userLogin(server, user15)
 582   })
 583
 584   it('Should have the correct video quota', async function () {
 585     const res = await getMyUserInformation(server.url, accessToken)
 586     const user = res.body
 587
 588     expect(user.videoQuota).to.equal(5 * 1024 * 1024)
 589   })
 590
 591   it('Should remove me', async function () {
 592     {
 593       const res = await getUsersList(server.url, server.accessToken)
 594       expect(res.body.data.find(u => u.username === 'user_15')).to.not.be.undefined
 595     }
 596
 597     await deleteMe(server.url, accessToken)
 598
 599     {
 600       const res = await getUsersList(server.url, server.accessToken)
 601       expect(res.body.data.find(u => u.username === 'user_15')).to.be.undefined
 602     }
 603   })
 604
 605   it('Should block and unblock a user', async function () {
 606     const user16 = {
 607       username: 'user_16',
 608       password: 'my super password'
 609     }
 610     const resUser = await createUser(server.url, server.accessToken, user16.username, user16.password)
 611     const user16Id = resUser.body.user.id
 612
 613     accessToken = await userLogin(server, user16)
 614
 615     await getMyUserInformation(server.url, accessToken, 200)
 616     await blockUser(server.url, user16Id, server.accessToken)
 617
 618     await getMyUserInformation(server.url, accessToken, 401)
 619     await userLogin(server, user16, 400)
 620
 621     await unblockUser(server.url, user16Id, server.accessToken)
 622     accessToken = await userLogin(server, user16)
 623     await getMyUserInformation(server.url, accessToken, 200)
 624   })
 625
 626   after(async function () {
 627     killallServers([ server ])
 628
 629     // Keep the logs if the test failed
 630     if (this[ 'ok' ]) {
 631       await flushTests()
 632     }
 633   })
 634 })