server/tests/api/users/users.ts

   1 /* tslint:disable:no-unused-expression */
   2
   3 import * as chai from 'chai'
   4 import 'mocha'
   5 import { User, UserRole, Video } from '../../../../shared/index'
   6 import {
   7   blockUser,
   8   cleanupTests,
   9   createUser,
  10   deleteMe,
  11   flushAndRunServer,
  12   getAccountRatings,
  13   getBlacklistedVideosList,
  14   getMyUserInformation,
  15   getMyUserVideoQuotaUsed,
  16   getMyUserVideoRating,
  17   getUserInformation,
  18   getUsersList,
  19   getUsersListPaginationAndSort,
  20   getVideoChannel,
  21   getVideosList,
  22   login,
  23   makePutBodyRequest,
  24   rateVideo,
  25   registerUserWithChannel,
  26   removeUser,
  27   removeVideo,
  28   ServerInfo,
  29   testImage,
  30   unblockUser,
  31   updateMyAvatar,
  32   updateMyUser,
  33   updateUser,
  34   uploadVideo,
  35   userLogin
  36 } from '../../../../shared/extra-utils'
  37 import { follow } from '../../../../shared/extra-utils/server/follows'
  38 import { setAccessTokensToServers } from '../../../../shared/extra-utils/users/login'
  39 import { getMyVideos } from '../../../../shared/extra-utils/videos/videos'
  40 import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
  41
  42 const expect = chai.expect
  43
  44 describe('Test users', function () {
  45   let server: ServerInfo
  46   let accessToken: string
  47   let accessTokenUser: string
  48   let videoId: number
  49   let userId: number
  50   const user = {
  51     username: 'user_1',
  52     password: 'super password'
  53   }
  54
  55   before(async function () {
  56     this.timeout(30000)
  57     server = await flushAndRunServer(1)
  58
  59     await setAccessTokensToServers([ server ])
  60   })
  61
  62   describe('OAuth client', function () {
  63     it('Should create a new client')
  64
  65     it('Should return the first client')
  66
  67     it('Should remove the last client')
  68
  69     it('Should not login with an invalid client id', async function () {
  70       const client = { id: 'client', secret: server.client.secret }
  71       const res = await login(server.url, client, server.user, 400)
  72
  73       expect(res.body.error).to.contain('client is invalid')
  74     })
  75
  76     it('Should not login with an invalid client secret', async function () {
  77       const client = { id: server.client.id, secret: 'coucou' }
  78       const res = await login(server.url, client, server.user, 400)
  79
  80       expect(res.body.error).to.contain('client is invalid')
  81     })
  82   })
  83
  84   describe('Login', function () {
  85
  86     it('Should not login with an invalid username', async function () {
  87       const user = { username: 'captain crochet', password: server.user.password }
  88       const res = await login(server.url, server.client, user, 400)
  89
  90       expect(res.body.error).to.contain('credentials are invalid')
  91     })
  92
  93     it('Should not login with an invalid password', async function () {
  94       const user = { username: server.user.username, password: 'mew_three' }
  95       const res = await login(server.url, server.client, user, 400)
  96
  97       expect(res.body.error).to.contain('credentials are invalid')
  98     })
  99
 100     it('Should not be able to upload a video', async function () {
 101       accessToken = 'my_super_token'
 102
 103       const videoAttributes = {}
 104       await uploadVideo(server.url, accessToken, videoAttributes, 401)
 105     })
 106
 107     it('Should not be able to follow', async function () {
 108       accessToken = 'my_super_token'
 109       await follow(server.url, [ 'http://example.com' ], accessToken, 401)
 110     })
 111
 112     it('Should not be able to unfollow')
 113
 114     it('Should be able to login', async function () {
 115       const res = await login(server.url, server.client, server.user, 200)
 116
 117       accessToken = res.body.access_token
 118     })
 119
 120     it('Should be able to login with an insensitive username', async function () {
 121       const user = { username: 'RoOt', password: server.user.password }
 122       const res = await login(server.url, server.client, user, 200)
 123
 124       const user2 = { username: 'rOoT', password: server.user.password }
 125       const res2 = await login(server.url, server.client, user2, 200)
 126
 127       const user3 = { username: 'ROOt', password: server.user.password }
 128       const res3 = await login(server.url, server.client, user3, 200)
 129     })
 130   })
 131
 132   describe('Upload', function () {
 133
 134     it('Should upload the video with the correct token', async function () {
 135       const videoAttributes = {}
 136       await uploadVideo(server.url, accessToken, videoAttributes)
 137       const res = await getVideosList(server.url)
 138       const video = res.body.data[ 0 ]
 139
 140       expect(video.account.name).to.equal('root')
 141       videoId = video.id
 142     })
 143
 144     it('Should upload the video again with the correct token', async function () {
 145       const videoAttributes = {}
 146       await uploadVideo(server.url, accessToken, videoAttributes)
 147     })
 148   })
 149
 150   describe('Ratings', function () {
 151
 152     it('Should retrieve a video rating', async function () {
 153       await rateVideo(server.url, accessToken, videoId, 'like')
 154       const res = await getMyUserVideoRating(server.url, accessToken, videoId)
 155       const rating = res.body
 156
 157       expect(rating.videoId).to.equal(videoId)
 158       expect(rating.rating).to.equal('like')
 159     })
 160
 161     it('Should retrieve ratings list', async function () {
 162       await rateVideo(server.url, accessToken, videoId, 'like')
 163
 164       const res = await getAccountRatings(server.url, server.user.username, server.accessToken, null, 200)
 165       const ratings = res.body
 166
 167       expect(ratings.total).to.equal(1)
 168       expect(ratings.data[ 0 ].video.id).to.equal(videoId)
 169       expect(ratings.data[ 0 ].rating).to.equal('like')
 170     })
 171
 172     it('Should retrieve ratings list by rating type', async function () {
 173       {
 174         const res = await getAccountRatings(server.url, server.user.username, server.accessToken, 'like')
 175         const ratings = res.body
 176         expect(ratings.data.length).to.equal(1)
 177       }
 178
 179       {
 180         const res = await getAccountRatings(server.url, server.user.username, server.accessToken, 'dislike')
 181         const ratings = res.body
 182         expect(ratings.data.length).to.equal(0)
 183       }
 184     })
 185   })
 186
 187   describe('Remove video', function () {
 188     it('Should not be able to remove the video with an incorrect token', async function () {
 189       await removeVideo(server.url, 'bad_token', videoId, 401)
 190     })
 191
 192     it('Should not be able to remove the video with the token of another account')
 193
 194     it('Should be able to remove the video with the correct token', async function () {
 195       await removeVideo(server.url, accessToken, videoId)
 196     })
 197   })
 198
 199   describe('Logout', function () {
 200     it('Should logout (revoke token)')
 201
 202     it('Should not be able to get the user information')
 203
 204     it('Should not be able to upload a video')
 205
 206     it('Should not be able to remove a video')
 207
 208     it('Should not be able to rate a video', async function () {
 209       const path = '/api/v1/videos/'
 210       const data = {
 211         rating: 'likes'
 212       }
 213
 214       const options = {
 215         url: server.url,
 216         path: path + videoId,
 217         token: 'wrong token',
 218         fields: data,
 219         statusCodeExpected: 401
 220       }
 221       await makePutBodyRequest(options)
 222     })
 223
 224     it('Should be able to login again')
 225
 226     it('Should have an expired access token')
 227
 228     it('Should refresh the token')
 229
 230     it('Should be able to upload a video again')
 231   })
 232
 233   describe('Creating a user', function () {
 234
 235     it('Should be able to create a new user', async function () {
 236       await createUser({
 237         url: server.url,
 238         accessToken: accessToken,
 239         username: user.username,
 240         password: user.password,
 241         videoQuota: 2 * 1024 * 1024,
 242         adminFlags: UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST
 243       })
 244     })
 245
 246     it('Should be able to login with this user', async function () {
 247       accessTokenUser = await userLogin(server, user)
 248     })
 249
 250     it('Should be able to get user information', async function () {
 251       const res1 = await getMyUserInformation(server.url, accessTokenUser)
 252       const userMe: User = res1.body
 253
 254       const res2 = await getUserInformation(server.url, server.accessToken, userMe.id)
 255       const userGet: User = res2.body
 256
 257       for (const user of [ userMe, userGet ]) {
 258         expect(user.username).to.equal('user_1')
 259         expect(user.email).to.equal('user_1@example.com')
 260         expect(user.nsfwPolicy).to.equal('display')
 261         expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 262         expect(user.roleLabel).to.equal('User')
 263         expect(user.id).to.be.a('number')
 264         expect(user.account.displayName).to.equal('user_1')
 265         expect(user.account.description).to.be.null
 266       }
 267
 268       expect(userMe.adminFlags).to.be.undefined
 269       expect(userGet.adminFlags).to.equal(UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST)
 270     })
 271   })
 272
 273   describe('My videos & quotas', function () {
 274
 275     it('Should be able to upload a video with this user', async function () {
 276       this.timeout(5000)
 277
 278       const videoAttributes = {
 279         name: 'super user video',
 280         fixture: 'video_short.webm'
 281       }
 282       await uploadVideo(server.url, accessTokenUser, videoAttributes)
 283     })
 284
 285     it('Should have video quota updated', async function () {
 286       const res = await getMyUserVideoQuotaUsed(server.url, accessTokenUser)
 287       const data = res.body
 288
 289       expect(data.videoQuotaUsed).to.equal(218910)
 290
 291       const resUsers = await getUsersList(server.url, server.accessToken)
 292
 293       const users: User[] = resUsers.body.data
 294       const tmpUser = users.find(u => u.username === user.username)
 295       expect(tmpUser.videoQuotaUsed).to.equal(218910)
 296     })
 297
 298     it('Should be able to list my videos', async function () {
 299       const res = await getMyVideos(server.url, accessTokenUser, 0, 5)
 300       expect(res.body.total).to.equal(1)
 301
 302       const videos = res.body.data
 303       expect(videos).to.have.lengthOf(1)
 304
 305       const video: Video = videos[ 0 ]
 306       expect(video.name).to.equal('super user video')
 307       expect(video.thumbnailPath).to.not.be.null
 308       expect(video.previewPath).to.not.be.null
 309     })
 310   })
 311
 312   describe('Users listing', function () {
 313
 314     it('Should list all the users', async function () {
 315       const res = await getUsersList(server.url, server.accessToken)
 316       const result = res.body
 317       const total = result.total
 318       const users = result.data
 319
 320       expect(total).to.equal(2)
 321       expect(users).to.be.an('array')
 322       expect(users.length).to.equal(2)
 323
 324       const user = users[ 0 ]
 325       expect(user.username).to.equal('user_1')
 326       expect(user.email).to.equal('user_1@example.com')
 327       expect(user.nsfwPolicy).to.equal('display')
 328
 329       const rootUser = users[ 1 ]
 330       expect(rootUser.username).to.equal('root')
 331       expect(rootUser.email).to.equal('admin' + server.internalServerNumber + '@example.com')
 332       expect(user.nsfwPolicy).to.equal('display')
 333
 334       userId = user.id
 335     })
 336
 337     it('Should list only the first user by username asc', async function () {
 338       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, 'username')
 339
 340       const result = res.body
 341       const total = result.total
 342       const users = result.data
 343
 344       expect(total).to.equal(2)
 345       expect(users.length).to.equal(1)
 346
 347       const user = users[ 0 ]
 348       expect(user.username).to.equal('root')
 349       expect(user.email).to.equal('admin' + server.internalServerNumber + '@example.com')
 350       expect(user.roleLabel).to.equal('Administrator')
 351       expect(user.nsfwPolicy).to.equal('display')
 352     })
 353
 354     it('Should list only the first user by username desc', async function () {
 355       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-username')
 356       const result = res.body
 357       const total = result.total
 358       const users = result.data
 359
 360       expect(total).to.equal(2)
 361       expect(users.length).to.equal(1)
 362
 363       const user = users[ 0 ]
 364       expect(user.username).to.equal('user_1')
 365       expect(user.email).to.equal('user_1@example.com')
 366       expect(user.nsfwPolicy).to.equal('display')
 367     })
 368
 369     it('Should list only the second user by createdAt desc', async function () {
 370       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-createdAt')
 371       const result = res.body
 372       const total = result.total
 373       const users = result.data
 374
 375       expect(total).to.equal(2)
 376       expect(users.length).to.equal(1)
 377
 378       const user = users[ 0 ]
 379       expect(user.username).to.equal('user_1')
 380       expect(user.email).to.equal('user_1@example.com')
 381       expect(user.nsfwPolicy).to.equal('display')
 382     })
 383
 384     it('Should list all the users by createdAt asc', async function () {
 385       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt')
 386       const result = res.body
 387       const total = result.total
 388       const users = result.data
 389
 390       expect(total).to.equal(2)
 391       expect(users.length).to.equal(2)
 392
 393       expect(users[ 0 ].username).to.equal('root')
 394       expect(users[ 0 ].email).to.equal('admin' + server.internalServerNumber + '@example.com')
 395       expect(users[ 0 ].nsfwPolicy).to.equal('display')
 396
 397       expect(users[ 1 ].username).to.equal('user_1')
 398       expect(users[ 1 ].email).to.equal('user_1@example.com')
 399       expect(users[ 1 ].nsfwPolicy).to.equal('display')
 400     })
 401
 402     it('Should search user by username', async function () {
 403       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'oot')
 404       const users = res.body.data as User[]
 405
 406       expect(res.body.total).to.equal(1)
 407       expect(users.length).to.equal(1)
 408
 409       expect(users[ 0 ].username).to.equal('root')
 410     })
 411
 412     it('Should search user by email', async function () {
 413       {
 414         const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'r_1@exam')
 415         const users = res.body.data as User[]
 416
 417         expect(res.body.total).to.equal(1)
 418         expect(users.length).to.equal(1)
 419
 420         expect(users[ 0 ].username).to.equal('user_1')
 421         expect(users[ 0 ].email).to.equal('user_1@example.com')
 422       }
 423
 424       {
 425         const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'example')
 426         const users = res.body.data as User[]
 427
 428         expect(res.body.total).to.equal(2)
 429         expect(users.length).to.equal(2)
 430
 431         expect(users[ 0 ].username).to.equal('root')
 432         expect(users[ 1 ].username).to.equal('user_1')
 433       }
 434     })
 435   })
 436
 437   describe('Update my account', function () {
 438     it('Should update my password', async function () {
 439       await updateMyUser({
 440         url: server.url,
 441         accessToken: accessTokenUser,
 442         currentPassword: 'super password',
 443         newPassword: 'new password'
 444       })
 445       user.password = 'new password'
 446
 447       await userLogin(server, user, 200)
 448     })
 449
 450     it('Should be able to change the NSFW display attribute', async function () {
 451       await updateMyUser({
 452         url: server.url,
 453         accessToken: accessTokenUser,
 454         nsfwPolicy: 'do_not_list'
 455       })
 456
 457       const res = await getMyUserInformation(server.url, accessTokenUser)
 458       const user = res.body
 459
 460       expect(user.username).to.equal('user_1')
 461       expect(user.email).to.equal('user_1@example.com')
 462       expect(user.nsfwPolicy).to.equal('do_not_list')
 463       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 464       expect(user.id).to.be.a('number')
 465       expect(user.account.displayName).to.equal('user_1')
 466       expect(user.account.description).to.be.null
 467     })
 468
 469     it('Should be able to change the autoPlayVideo attribute', async function () {
 470       await updateMyUser({
 471         url: server.url,
 472         accessToken: accessTokenUser,
 473         autoPlayVideo: false
 474       })
 475
 476       const res = await getMyUserInformation(server.url, accessTokenUser)
 477       const user = res.body
 478
 479       expect(user.autoPlayVideo).to.be.false
 480     })
 481
 482     it('Should be able to change the email attribute', async function () {
 483       await updateMyUser({
 484         url: server.url,
 485         accessToken: accessTokenUser,
 486         currentPassword: 'new password',
 487         email: 'updated@example.com'
 488       })
 489
 490       const res = await getMyUserInformation(server.url, accessTokenUser)
 491       const user = res.body
 492
 493       expect(user.username).to.equal('user_1')
 494       expect(user.email).to.equal('updated@example.com')
 495       expect(user.nsfwPolicy).to.equal('do_not_list')
 496       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 497       expect(user.id).to.be.a('number')
 498       expect(user.account.displayName).to.equal('user_1')
 499       expect(user.account.description).to.be.null
 500     })
 501
 502     it('Should be able to update my avatar', async function () {
 503       const fixture = 'avatar.png'
 504
 505       await updateMyAvatar({
 506         url: server.url,
 507         accessToken: accessTokenUser,
 508         fixture
 509       })
 510
 511       const res = await getMyUserInformation(server.url, accessTokenUser)
 512       const user = res.body
 513
 514       await testImage(server.url, 'avatar-resized', user.account.avatar.path, '.png')
 515     })
 516
 517     it('Should be able to update my display name', async function () {
 518       await updateMyUser({
 519         url: server.url,
 520         accessToken: accessTokenUser,
 521         displayName: 'new display name'
 522       })
 523
 524       const res = await getMyUserInformation(server.url, accessTokenUser)
 525       const user = res.body
 526
 527       expect(user.username).to.equal('user_1')
 528       expect(user.email).to.equal('updated@example.com')
 529       expect(user.nsfwPolicy).to.equal('do_not_list')
 530       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 531       expect(user.id).to.be.a('number')
 532       expect(user.account.displayName).to.equal('new display name')
 533       expect(user.account.description).to.be.null
 534     })
 535
 536     it('Should be able to update my description', async function () {
 537       await updateMyUser({
 538         url: server.url,
 539         accessToken: accessTokenUser,
 540         description: 'my super description updated'
 541       })
 542
 543       const res = await getMyUserInformation(server.url, accessTokenUser)
 544       const user = res.body
 545
 546       expect(user.username).to.equal('user_1')
 547       expect(user.email).to.equal('updated@example.com')
 548       expect(user.nsfwPolicy).to.equal('do_not_list')
 549       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 550       expect(user.id).to.be.a('number')
 551       expect(user.account.displayName).to.equal('new display name')
 552       expect(user.account.description).to.equal('my super description updated')
 553     })
 554   })
 555
 556   describe('Updating another user', function () {
 557
 558     it('Should be able to update another user', async function () {
 559       await updateUser({
 560         url: server.url,
 561         userId,
 562         accessToken,
 563         email: 'updated2@example.com',
 564         emailVerified: true,
 565         videoQuota: 42,
 566         role: UserRole.MODERATOR,
 567         adminFlags: UserAdminFlag.NONE
 568       })
 569
 570       const res = await getUserInformation(server.url, accessToken, userId)
 571       const user = res.body
 572
 573       expect(user.username).to.equal('user_1')
 574       expect(user.email).to.equal('updated2@example.com')
 575       expect(user.emailVerified).to.be.true
 576       expect(user.nsfwPolicy).to.equal('do_not_list')
 577       expect(user.videoQuota).to.equal(42)
 578       expect(user.roleLabel).to.equal('Moderator')
 579       expect(user.id).to.be.a('number')
 580       expect(user.adminFlags).to.equal(UserAdminFlag.NONE)
 581     })
 582
 583     it('Should have removed the user token', async function () {
 584       await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401)
 585
 586       accessTokenUser = await userLogin(server, user)
 587     })
 588
 589     it('Should be able to update another user password', async function () {
 590       await updateUser({
 591         url: server.url,
 592         userId,
 593         accessToken,
 594         password: 'password updated'
 595       })
 596
 597       await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401)
 598
 599       await userLogin(server, user, 400)
 600
 601       user.password = 'password updated'
 602       accessTokenUser = await userLogin(server, user)
 603     })
 604   })
 605
 606   describe('Video blacklists', function () {
 607     it('Should be able to list video blacklist by a moderator', async function () {
 608       await getBlacklistedVideosList({ url: server.url, token: accessTokenUser })
 609     })
 610   })
 611
 612   describe('Remove a user', function () {
 613     it('Should be able to remove this user', async function () {
 614       await removeUser(server.url, userId, accessToken)
 615     })
 616
 617     it('Should not be able to login with this user', async function () {
 618       await userLogin(server, user, 400)
 619     })
 620
 621     it('Should not have videos of this user', async function () {
 622       const res = await getVideosList(server.url)
 623
 624       expect(res.body.total).to.equal(1)
 625
 626       const video = res.body.data[ 0 ]
 627       expect(video.account.name).to.equal('root')
 628     })
 629   })
 630
 631   describe('Registering a new user', function () {
 632     it('Should register a new user', async function () {
 633       const user = { displayName: 'super user 15', username: 'user_15', password: 'my super password' }
 634       const channel = { name: 'my_user_15_channel', displayName: 'my channel rocks' }
 635
 636       await registerUserWithChannel({ url: server.url, user, channel })
 637     })
 638
 639     it('Should be able to login with this registered user', async function () {
 640       const user15 = {
 641         username: 'user_15',
 642         password: 'my super password'
 643       }
 644
 645       accessToken = await userLogin(server, user15)
 646     })
 647
 648     it('Should have the correct display name', async function () {
 649       const res = await getMyUserInformation(server.url, accessToken)
 650       const user: User = res.body
 651
 652       expect(user.account.displayName).to.equal('super user 15')
 653     })
 654
 655     it('Should have the correct video quota', async function () {
 656       const res = await getMyUserInformation(server.url, accessToken)
 657       const user = res.body
 658
 659       expect(user.videoQuota).to.equal(5 * 1024 * 1024)
 660     })
 661
 662     it('Should have created the channel', async function () {
 663       const res = await getVideoChannel(server.url, 'my_user_15_channel')
 664
 665       expect(res.body.displayName).to.equal('my channel rocks')
 666     })
 667
 668     it('Should remove me', async function () {
 669       {
 670         const res = await getUsersList(server.url, server.accessToken)
 671         expect(res.body.data.find(u => u.username === 'user_15')).to.not.be.undefined
 672       }
 673
 674       await deleteMe(server.url, accessToken)
 675
 676       {
 677         const res = await getUsersList(server.url, server.accessToken)
 678         expect(res.body.data.find(u => u.username === 'user_15')).to.be.undefined
 679       }
 680     })
 681   })
 682
 683   describe('User blocking', function () {
 684     it('Should block and unblock a user', async function () {
 685       const user16 = {
 686         username: 'user_16',
 687         password: 'my super password'
 688       }
 689       const resUser = await createUser({
 690         url: server.url,
 691         accessToken: server.accessToken,
 692         username: user16.username,
 693         password: user16.password
 694       })
 695       const user16Id = resUser.body.user.id
 696
 697       accessToken = await userLogin(server, user16)
 698
 699       await getMyUserInformation(server.url, accessToken, 200)
 700       await blockUser(server.url, user16Id, server.accessToken)
 701
 702       await getMyUserInformation(server.url, accessToken, 401)
 703       await userLogin(server, user16, 400)
 704
 705       await unblockUser(server.url, user16Id, server.accessToken)
 706       accessToken = await userLogin(server, user16)
 707       await getMyUserInformation(server.url, accessToken, 200)
 708     })
 709   })
 710
 711   after(async function () {
 712     await cleanupTests([ server ])
 713   })
 714 })