- describe('OAuth client', function () {
- it('Should create a new client')
-
- it('Should return the first client')
-
- it('Should remove the last client')
-
- it('Should not login with an invalid client id', async function () {
- const client = { id: 'client', secret: server.store.client.secret }
- const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
- expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
- expect(body.error).to.contain('client is invalid')
- expect(body.type.startsWith('https://')).to.be.true
- expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
- })
-
- it('Should not login with an invalid client secret', async function () {
- const client = { id: server.store.client.id, secret: 'coucou' }
- const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
- expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
- expect(body.error).to.contain('client is invalid')
- expect(body.type.startsWith('https://')).to.be.true
- expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
- })
- })
-
- describe('Login', function () {
-
- it('Should not login with an invalid username', async function () {
- const user = { username: 'captain crochet', password: server.store.user.password }
- const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
- expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
- expect(body.error).to.contain('credentials are invalid')
- expect(body.type.startsWith('https://')).to.be.true
- expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
- })
-
- it('Should not login with an invalid password', async function () {
- const user = { username: server.store.user.username, password: 'mew_three' }
- const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
- expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
- expect(body.error).to.contain('credentials are invalid')
- expect(body.type.startsWith('https://')).to.be.true
- expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
- })
-
- it('Should not be able to upload a video', async function () {
- token = 'my_super_token'
-
- await server.videos.upload({ token, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
- })
-
- it('Should not be able to follow', async function () {
- token = 'my_super_token'
-
- await server.follows.follow({
- hosts: [ 'http://example.com' ],
- token,
- expectedStatus: HttpStatusCode.UNAUTHORIZED_401
- })
- })
-
- it('Should not be able to unfollow')
-
- it('Should be able to login', async function () {
- const body = await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
-
- token = body.access_token
- })
-
- it('Should be able to login with an insensitive username', async function () {
- const user = { username: 'RoOt', password: server.store.user.password }
- await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
-
- const user2 = { username: 'rOoT', password: server.store.user.password }
- await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
-
- const user3 = { username: 'ROOt', password: server.store.user.password }
- await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
- })
- })
-
- describe('Upload', function () {
-
- it('Should upload the video with the correct token', async function () {
- await server.videos.upload({ token })
- const { data } = await server.videos.list()
- const video = data[0]
-
- expect(video.account.name).to.equal('root')
- videoId = video.id
- })
-
- it('Should upload the video again with the correct token', async function () {
- await server.videos.upload({ token })
- })
- })
-
- describe('Ratings', function () {
-
- it('Should retrieve a video rating', async function () {
- await server.videos.rate({ id: videoId, rating: 'like' })
- const rating = await server.users.getMyRating({ token, videoId })
-
- expect(rating.videoId).to.equal(videoId)
- expect(rating.rating).to.equal('like')
- })
-
- it('Should retrieve ratings list', async function () {
- await server.videos.rate({ id: videoId, rating: 'like' })
-
- const body = await server.accounts.listRatings({ accountName: server.store.user.username })
-
- expect(body.total).to.equal(1)
- expect(body.data[0].video.id).to.equal(videoId)
- expect(body.data[0].rating).to.equal('like')
- })
-
- it('Should retrieve ratings list by rating type', async function () {
- {
- const body = await server.accounts.listRatings({ accountName: server.store.user.username, rating: 'like' })
- expect(body.data.length).to.equal(1)
- }
-
- {
- const body = await server.accounts.listRatings({ accountName: server.store.user.username, rating: 'dislike' })
- expect(body.data.length).to.equal(0)
- }
- })
- })
-
- describe('Remove video', function () {
- it('Should not be able to remove the video with an incorrect token', async function () {
- await server.videos.remove({ token: 'bad_token', id: videoId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
- })
-
- it('Should not be able to remove the video with the token of another account')
-
- it('Should be able to remove the video with the correct token', async function () {
- await server.videos.remove({ token, id: videoId })
- })
- })
-
- describe('Logout', function () {
- it('Should logout (revoke token)', async function () {
- await server.login.logout({ token: server.accessToken })
- })
-
- it('Should not be able to get the user information', async function () {
- await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
- })
-
- it('Should not be able to upload a video', async function () {
- await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
- })
-
- it('Should not be able to rate a video', async function () {
- const path = '/api/v1/videos/'
- const data = {
- rating: 'likes'
- }
-
- const options = {
- url: server.url,
- path: path + videoId,
- token: 'wrong token',
- fields: data,
- expectedStatus: HttpStatusCode.UNAUTHORIZED_401
- }
- await makePutBodyRequest(options)
- })
-
- it('Should be able to login again', async function () {
- const body = await server.login.login()
- server.accessToken = body.access_token
- server.refreshToken = body.refresh_token
- })
-
- it('Should be able to get my user information again', async function () {
- await server.users.getMyInfo()
- })
-
- it('Should have an expired access token', async function () {
- this.timeout(15000)
-
- await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
- await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
-
- await killallServers([ server ])
- await server.run()
-
- await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
- })
-
- it('Should not be able to refresh an access token with an expired refresh token', async function () {
- await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
- })
-
- it('Should refresh the token', async function () {
- this.timeout(15000)
-
- const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
- await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
-
- await killallServers([ server ])
- await server.run()
-
- const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
- server.accessToken = res.body.access_token
- server.refreshToken = res.body.refresh_token
- })
-
- it('Should be able to get my user information again', async function () {
- await server.users.getMyInfo()
- })
- })
-