server/tests/api/users/users.ts

   1 /* tslint:disable:no-unused-expression */
   2
   3 import * as chai from 'chai'
   4 import 'mocha'
   5 import { User, UserRole } from '../../../../shared/index'
   6 import {
   7   blockUser,
   8   cleanupTests,
   9   createUser,
  10   deleteMe,
  11   flushAndRunServer,
  12   getAccountRatings,
  13   getBlacklistedVideosList,
  14   getMyUserInformation,
  15   getMyUserVideoQuotaUsed,
  16   getMyUserVideoRating,
  17   getUserInformation,
  18   getUsersList,
  19   getUsersListPaginationAndSort,
  20   getVideosList,
  21   login,
  22   makePutBodyRequest,
  23   rateVideo,
  24   registerUser,
  25   removeUser,
  26   removeVideo,
  27   ServerInfo,
  28   testImage,
  29   unblockUser,
  30   updateMyAvatar,
  31   updateMyUser,
  32   updateUser,
  33   uploadVideo,
  34   userLogin
  35 } from '../../../../shared/extra-utils'
  36 import { follow } from '../../../../shared/extra-utils/server/follows'
  37 import { setAccessTokensToServers } from '../../../../shared/extra-utils/users/login'
  38 import { getMyVideos } from '../../../../shared/extra-utils/videos/videos'
  39 import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
  40
  41 const expect = chai.expect
  42
  43 describe('Test users', function () {
  44   let server: ServerInfo
  45   let accessToken: string
  46   let accessTokenUser: string
  47   let videoId: number
  48   let userId: number
  49   const user = {
  50     username: 'user_1',
  51     password: 'super password'
  52   }
  53
  54   before(async function () {
  55     this.timeout(30000)
  56     server = await flushAndRunServer(1)
  57
  58     await setAccessTokensToServers([ server ])
  59   })
  60
  61   describe('OAuth client', function () {
  62     it('Should create a new client')
  63
  64     it('Should return the first client')
  65
  66     it('Should remove the last client')
  67
  68     it('Should not login with an invalid client id', async function () {
  69       const client = { id: 'client', secret: server.client.secret }
  70       const res = await login(server.url, client, server.user, 400)
  71
  72       expect(res.body.error).to.contain('client is invalid')
  73     })
  74
  75     it('Should not login with an invalid client secret', async function () {
  76       const client = { id: server.client.id, secret: 'coucou' }
  77       const res = await login(server.url, client, server.user, 400)
  78
  79       expect(res.body.error).to.contain('client is invalid')
  80     })
  81   })
  82
  83   describe('Login', function () {
  84
  85     it('Should not login with an invalid username', async function () {
  86       const user = { username: 'captain crochet', password: server.user.password }
  87       const res = await login(server.url, server.client, user, 400)
  88
  89       expect(res.body.error).to.contain('credentials are invalid')
  90     })
  91
  92     it('Should not login with an invalid password', async function () {
  93       const user = { username: server.user.username, password: 'mew_three' }
  94       const res = await login(server.url, server.client, user, 400)
  95
  96       expect(res.body.error).to.contain('credentials are invalid')
  97     })
  98
  99     it('Should not be able to upload a video', async function () {
 100       accessToken = 'my_super_token'
 101
 102       const videoAttributes = {}
 103       await uploadVideo(server.url, accessToken, videoAttributes, 401)
 104     })
 105
 106     it('Should not be able to follow', async function () {
 107       accessToken = 'my_super_token'
 108       await follow(server.url, [ 'http://example.com' ], accessToken, 401)
 109     })
 110
 111     it('Should not be able to unfollow')
 112
 113     it('Should be able to login', async function () {
 114       const res = await login(server.url, server.client, server.user, 200)
 115
 116       accessToken = res.body.access_token
 117     })
 118   })
 119
 120   describe('Upload', function () {
 121
 122     it('Should upload the video with the correct token', async function () {
 123       const videoAttributes = {}
 124       await uploadVideo(server.url, accessToken, videoAttributes)
 125       const res = await getVideosList(server.url)
 126       const video = res.body.data[ 0 ]
 127
 128       expect(video.account.name).to.equal('root')
 129       videoId = video.id
 130     })
 131
 132     it('Should upload the video again with the correct token', async function () {
 133       const videoAttributes = {}
 134       await uploadVideo(server.url, accessToken, videoAttributes)
 135     })
 136   })
 137
 138   describe('Ratings', function () {
 139
 140     it('Should retrieve a video rating', async function () {
 141       await rateVideo(server.url, accessToken, videoId, 'like')
 142       const res = await getMyUserVideoRating(server.url, accessToken, videoId)
 143       const rating = res.body
 144
 145       expect(rating.videoId).to.equal(videoId)
 146       expect(rating.rating).to.equal('like')
 147     })
 148
 149     it('Should retrieve ratings list', async function () {
 150       await rateVideo(server.url, accessToken, videoId, 'like')
 151
 152       const res = await getAccountRatings(server.url, server.user.username, server.accessToken, null, 200)
 153       const ratings = res.body
 154
 155       expect(ratings.total).to.equal(1)
 156       expect(ratings.data[ 0 ].video.id).to.equal(videoId)
 157       expect(ratings.data[ 0 ].rating).to.equal('like')
 158     })
 159
 160     it('Should retrieve ratings list by rating type', async function () {
 161       {
 162         const res = await getAccountRatings(server.url, server.user.username, server.accessToken, 'like')
 163         const ratings = res.body
 164         expect(ratings.data.length).to.equal(1)
 165       }
 166
 167       {
 168         const res = await getAccountRatings(server.url, server.user.username, server.accessToken, 'dislike')
 169         const ratings = res.body
 170         expect(ratings.data.length).to.equal(0)
 171       }
 172     })
 173   })
 174
 175   describe('Remove video', function () {
 176     it('Should not be able to remove the video with an incorrect token', async function () {
 177       await removeVideo(server.url, 'bad_token', videoId, 401)
 178     })
 179
 180     it('Should not be able to remove the video with the token of another account')
 181
 182     it('Should be able to remove the video with the correct token', async function () {
 183       await removeVideo(server.url, accessToken, videoId)
 184     })
 185   })
 186
 187   describe('Logout', function () {
 188     it('Should logout (revoke token)')
 189
 190     it('Should not be able to get the user information')
 191
 192     it('Should not be able to upload a video')
 193
 194     it('Should not be able to remove a video')
 195
 196     it('Should not be able to rate a video', async function () {
 197       const path = '/api/v1/videos/'
 198       const data = {
 199         rating: 'likes'
 200       }
 201
 202       const options = {
 203         url: server.url,
 204         path: path + videoId,
 205         token: 'wrong token',
 206         fields: data,
 207         statusCodeExpected: 401
 208       }
 209       await makePutBodyRequest(options)
 210     })
 211
 212     it('Should be able to login again')
 213
 214     it('Should have an expired access token')
 215
 216     it('Should refresh the token')
 217
 218     it('Should be able to upload a video again')
 219   })
 220
 221   describe('Creating a user', function () {
 222
 223     it('Should be able to create a new user', async function () {
 224       await createUser({
 225         url: server.url,
 226         accessToken: accessToken,
 227         username: user.username,
 228         password: user.password,
 229         videoQuota: 2 * 1024 * 1024,
 230         adminFlags: UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST
 231       })
 232     })
 233
 234     it('Should be able to login with this user', async function () {
 235       accessTokenUser = await userLogin(server, user)
 236     })
 237
 238     it('Should be able to get user information', async function () {
 239       const res1 = await getMyUserInformation(server.url, accessTokenUser)
 240       const userMe: User = res1.body
 241
 242       const res2 = await getUserInformation(server.url, server.accessToken, userMe.id)
 243       const userGet: User = res2.body
 244
 245       for (const user of [ userMe, userGet ]) {
 246         expect(user.username).to.equal('user_1')
 247         expect(user.email).to.equal('user_1@example.com')
 248         expect(user.nsfwPolicy).to.equal('display')
 249         expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 250         expect(user.roleLabel).to.equal('User')
 251         expect(user.id).to.be.a('number')
 252         expect(user.account.displayName).to.equal('user_1')
 253         expect(user.account.description).to.be.null
 254       }
 255
 256       expect(userMe.adminFlags).to.be.undefined
 257       expect(userGet.adminFlags).to.equal(UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST)
 258     })
 259   })
 260
 261   describe('My videos & quotas', function () {
 262
 263     it('Should be able to upload a video with this user', async function () {
 264       this.timeout(5000)
 265
 266       const videoAttributes = {
 267         name: 'super user video',
 268         fixture: 'video_short.webm'
 269       }
 270       await uploadVideo(server.url, accessTokenUser, videoAttributes)
 271     })
 272
 273     it('Should have video quota updated', async function () {
 274       const res = await getMyUserVideoQuotaUsed(server.url, accessTokenUser)
 275       const data = res.body
 276
 277       expect(data.videoQuotaUsed).to.equal(218910)
 278
 279       const resUsers = await getUsersList(server.url, server.accessToken)
 280
 281       const users: User[] = resUsers.body.data
 282       const tmpUser = users.find(u => u.username === user.username)
 283       expect(tmpUser.videoQuotaUsed).to.equal(218910)
 284     })
 285
 286     it('Should be able to list my videos', async function () {
 287       const res = await getMyVideos(server.url, accessTokenUser, 0, 5)
 288       expect(res.body.total).to.equal(1)
 289
 290       const videos = res.body.data
 291       expect(videos).to.have.lengthOf(1)
 292
 293       expect(videos[ 0 ].name).to.equal('super user video')
 294     })
 295   })
 296
 297   describe('Users listing', function () {
 298
 299     it('Should list all the users', async function () {
 300       const res = await getUsersList(server.url, server.accessToken)
 301       const result = res.body
 302       const total = result.total
 303       const users = result.data
 304
 305       expect(total).to.equal(2)
 306       expect(users).to.be.an('array')
 307       expect(users.length).to.equal(2)
 308
 309       const user = users[ 0 ]
 310       expect(user.username).to.equal('user_1')
 311       expect(user.email).to.equal('user_1@example.com')
 312       expect(user.nsfwPolicy).to.equal('display')
 313
 314       const rootUser = users[ 1 ]
 315       expect(rootUser.username).to.equal('root')
 316       expect(rootUser.email).to.equal('admin1@example.com')
 317       expect(user.nsfwPolicy).to.equal('display')
 318
 319       userId = user.id
 320     })
 321
 322     it('Should list only the first user by username asc', async function () {
 323       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, 'username')
 324
 325       const result = res.body
 326       const total = result.total
 327       const users = result.data
 328
 329       expect(total).to.equal(2)
 330       expect(users.length).to.equal(1)
 331
 332       const user = users[ 0 ]
 333       expect(user.username).to.equal('root')
 334       expect(user.email).to.equal('admin1@example.com')
 335       expect(user.roleLabel).to.equal('Administrator')
 336       expect(user.nsfwPolicy).to.equal('display')
 337     })
 338
 339     it('Should list only the first user by username desc', async function () {
 340       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-username')
 341       const result = res.body
 342       const total = result.total
 343       const users = result.data
 344
 345       expect(total).to.equal(2)
 346       expect(users.length).to.equal(1)
 347
 348       const user = users[ 0 ]
 349       expect(user.username).to.equal('user_1')
 350       expect(user.email).to.equal('user_1@example.com')
 351       expect(user.nsfwPolicy).to.equal('display')
 352     })
 353
 354     it('Should list only the second user by createdAt desc', async function () {
 355       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-createdAt')
 356       const result = res.body
 357       const total = result.total
 358       const users = result.data
 359
 360       expect(total).to.equal(2)
 361       expect(users.length).to.equal(1)
 362
 363       const user = users[ 0 ]
 364       expect(user.username).to.equal('user_1')
 365       expect(user.email).to.equal('user_1@example.com')
 366       expect(user.nsfwPolicy).to.equal('display')
 367     })
 368
 369     it('Should list all the users by createdAt asc', async function () {
 370       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt')
 371       const result = res.body
 372       const total = result.total
 373       const users = result.data
 374
 375       expect(total).to.equal(2)
 376       expect(users.length).to.equal(2)
 377
 378       expect(users[ 0 ].username).to.equal('root')
 379       expect(users[ 0 ].email).to.equal('admin1@example.com')
 380       expect(users[ 0 ].nsfwPolicy).to.equal('display')
 381
 382       expect(users[ 1 ].username).to.equal('user_1')
 383       expect(users[ 1 ].email).to.equal('user_1@example.com')
 384       expect(users[ 1 ].nsfwPolicy).to.equal('display')
 385     })
 386
 387     it('Should search user by username', async function () {
 388       const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'oot')
 389       const users = res.body.data as User[]
 390
 391       expect(res.body.total).to.equal(1)
 392       expect(users.length).to.equal(1)
 393
 394       expect(users[ 0 ].username).to.equal('root')
 395     })
 396
 397     it('Should search user by email', async function () {
 398       {
 399         const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'r_1@exam')
 400         const users = res.body.data as User[]
 401
 402         expect(res.body.total).to.equal(1)
 403         expect(users.length).to.equal(1)
 404
 405         expect(users[ 0 ].username).to.equal('user_1')
 406         expect(users[ 0 ].email).to.equal('user_1@example.com')
 407       }
 408
 409       {
 410         const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', 'example')
 411         const users = res.body.data as User[]
 412
 413         expect(res.body.total).to.equal(2)
 414         expect(users.length).to.equal(2)
 415
 416         expect(users[ 0 ].username).to.equal('root')
 417         expect(users[ 1 ].username).to.equal('user_1')
 418       }
 419     })
 420   })
 421
 422   describe('Update my account', function () {
 423     it('Should update my password', async function () {
 424       await updateMyUser({
 425         url: server.url,
 426         accessToken: accessTokenUser,
 427         currentPassword: 'super password',
 428         newPassword: 'new password'
 429       })
 430       user.password = 'new password'
 431
 432       await userLogin(server, user, 200)
 433     })
 434
 435     it('Should be able to change the NSFW display attribute', async function () {
 436       await updateMyUser({
 437         url: server.url,
 438         accessToken: accessTokenUser,
 439         nsfwPolicy: 'do_not_list'
 440       })
 441
 442       const res = await getMyUserInformation(server.url, accessTokenUser)
 443       const user = res.body
 444
 445       expect(user.username).to.equal('user_1')
 446       expect(user.email).to.equal('user_1@example.com')
 447       expect(user.nsfwPolicy).to.equal('do_not_list')
 448       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 449       expect(user.id).to.be.a('number')
 450       expect(user.account.displayName).to.equal('user_1')
 451       expect(user.account.description).to.be.null
 452     })
 453
 454     it('Should be able to change the autoPlayVideo attribute', async function () {
 455       await updateMyUser({
 456         url: server.url,
 457         accessToken: accessTokenUser,
 458         autoPlayVideo: false
 459       })
 460
 461       const res = await getMyUserInformation(server.url, accessTokenUser)
 462       const user = res.body
 463
 464       expect(user.autoPlayVideo).to.be.false
 465     })
 466
 467     it('Should be able to change the email display attribute', async function () {
 468       await updateMyUser({
 469         url: server.url,
 470         accessToken: accessTokenUser,
 471         email: 'updated@example.com'
 472       })
 473
 474       const res = await getMyUserInformation(server.url, accessTokenUser)
 475       const user = res.body
 476
 477       expect(user.username).to.equal('user_1')
 478       expect(user.email).to.equal('updated@example.com')
 479       expect(user.nsfwPolicy).to.equal('do_not_list')
 480       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 481       expect(user.id).to.be.a('number')
 482       expect(user.account.displayName).to.equal('user_1')
 483       expect(user.account.description).to.be.null
 484     })
 485
 486     it('Should be able to update my avatar', async function () {
 487       const fixture = 'avatar.png'
 488
 489       await updateMyAvatar({
 490         url: server.url,
 491         accessToken: accessTokenUser,
 492         fixture
 493       })
 494
 495       const res = await getMyUserInformation(server.url, accessTokenUser)
 496       const user = res.body
 497
 498       await testImage(server.url, 'avatar-resized', user.account.avatar.path, '.png')
 499     })
 500
 501     it('Should be able to update my display name', async function () {
 502       await updateMyUser({
 503         url: server.url,
 504         accessToken: accessTokenUser,
 505         displayName: 'new display name'
 506       })
 507
 508       const res = await getMyUserInformation(server.url, accessTokenUser)
 509       const user = res.body
 510
 511       expect(user.username).to.equal('user_1')
 512       expect(user.email).to.equal('updated@example.com')
 513       expect(user.nsfwPolicy).to.equal('do_not_list')
 514       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 515       expect(user.id).to.be.a('number')
 516       expect(user.account.displayName).to.equal('new display name')
 517       expect(user.account.description).to.be.null
 518     })
 519
 520     it('Should be able to update my description', async function () {
 521       await updateMyUser({
 522         url: server.url,
 523         accessToken: accessTokenUser,
 524         description: 'my super description updated'
 525       })
 526
 527       const res = await getMyUserInformation(server.url, accessTokenUser)
 528       const user = res.body
 529
 530       expect(user.username).to.equal('user_1')
 531       expect(user.email).to.equal('updated@example.com')
 532       expect(user.nsfwPolicy).to.equal('do_not_list')
 533       expect(user.videoQuota).to.equal(2 * 1024 * 1024)
 534       expect(user.id).to.be.a('number')
 535       expect(user.account.displayName).to.equal('new display name')
 536       expect(user.account.description).to.equal('my super description updated')
 537     })
 538   })
 539
 540   describe('Updating another user', function () {
 541
 542     it('Should be able to update another user', async function () {
 543       await updateUser({
 544         url: server.url,
 545         userId,
 546         accessToken,
 547         email: 'updated2@example.com',
 548         emailVerified: true,
 549         videoQuota: 42,
 550         role: UserRole.MODERATOR,
 551         adminFlags: UserAdminFlag.NONE
 552       })
 553
 554       const res = await getUserInformation(server.url, accessToken, userId)
 555       const user = res.body
 556
 557       expect(user.username).to.equal('user_1')
 558       expect(user.email).to.equal('updated2@example.com')
 559       expect(user.emailVerified).to.be.true
 560       expect(user.nsfwPolicy).to.equal('do_not_list')
 561       expect(user.videoQuota).to.equal(42)
 562       expect(user.roleLabel).to.equal('Moderator')
 563       expect(user.id).to.be.a('number')
 564       expect(user.adminFlags).to.equal(UserAdminFlag.NONE)
 565     })
 566
 567     it('Should have removed the user token', async function () {
 568       await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401)
 569
 570       accessTokenUser = await userLogin(server, user)
 571     })
 572
 573     it('Should be able to update another user password', async function () {
 574       await updateUser({
 575         url: server.url,
 576         userId,
 577         accessToken,
 578         password: 'password updated'
 579       })
 580
 581       await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401)
 582
 583       await userLogin(server, user, 400)
 584
 585       user.password = 'password updated'
 586       accessTokenUser = await userLogin(server, user)
 587     })
 588   })
 589
 590   describe('Video blacklists', function () {
 591     it('Should be able to list video blacklist by a moderator', async function () {
 592       await getBlacklistedVideosList({ url: server.url, token: accessTokenUser })
 593     })
 594   })
 595
 596   describe('Remove a user', function () {
 597     it('Should be able to remove this user', async function () {
 598       await removeUser(server.url, userId, accessToken)
 599     })
 600
 601     it('Should not be able to login with this user', async function () {
 602       await userLogin(server, user, 400)
 603     })
 604
 605     it('Should not have videos of this user', async function () {
 606       const res = await getVideosList(server.url)
 607
 608       expect(res.body.total).to.equal(1)
 609
 610       const video = res.body.data[ 0 ]
 611       expect(video.account.name).to.equal('root')
 612     })
 613   })
 614
 615   describe('Registering a new user', function () {
 616     it('Should register a new user', async function () {
 617       await registerUser(server.url, 'user_15', 'my super password')
 618     })
 619
 620     it('Should be able to login with this registered user', async function () {
 621       const user15 = {
 622         username: 'user_15',
 623         password: 'my super password'
 624       }
 625
 626       accessToken = await userLogin(server, user15)
 627     })
 628
 629     it('Should have the correct video quota', async function () {
 630       const res = await getMyUserInformation(server.url, accessToken)
 631       const user = res.body
 632
 633       expect(user.videoQuota).to.equal(5 * 1024 * 1024)
 634     })
 635
 636     it('Should remove me', async function () {
 637       {
 638         const res = await getUsersList(server.url, server.accessToken)
 639         expect(res.body.data.find(u => u.username === 'user_15')).to.not.be.undefined
 640       }
 641
 642       await deleteMe(server.url, accessToken)
 643
 644       {
 645         const res = await getUsersList(server.url, server.accessToken)
 646         expect(res.body.data.find(u => u.username === 'user_15')).to.be.undefined
 647       }
 648     })
 649   })
 650
 651   describe('User blocking', function () {
 652     it('Should block and unblock a user', async function () {
 653       const user16 = {
 654         username: 'user_16',
 655         password: 'my super password'
 656       }
 657       const resUser = await createUser({
 658         url: server.url,
 659         accessToken: server.accessToken,
 660         username: user16.username,
 661         password: user16.password
 662       })
 663       const user16Id = resUser.body.user.id
 664
 665       accessToken = await userLogin(server, user16)
 666
 667       await getMyUserInformation(server.url, accessToken, 200)
 668       await blockUser(server.url, user16Id, server.accessToken)
 669
 670       await getMyUserInformation(server.url, accessToken, 401)
 671       await userLogin(server, user16, 400)
 672
 673       await unblockUser(server.url, user16Id, server.accessToken)
 674       accessToken = await userLogin(server, user16)
 675       await getMyUserInformation(server.url, accessToken, 200)
 676     })
 677   })
 678
 679   after(async function () {
 680     await cleanupTests([ server ])
 681   })
 682 })