Server: delete user with the id and not the username

[github/Chocobozzz/PeerTube.git] / server / tests / api / checkParams.js

diff --git a/server/tests/api/checkParams.js b/server/tests/api/checkParams.js
index c1ba9c2c09d899de0c71297f7a1bdfc268905022..882948facf9a398d6140186252ea78a39b85b300 100644 (file)
--- a/server/tests/api/checkParams.js
+++ b/server/tests/api/checkParams.js
@@ -6,52 +6,14 @@ const pathUtils = require('path')
 const request = require('supertest')
 const series = require('async/series')
 
-const utils = require('./utils')
+const loginUtils = require('../utils/login')
+const requestsUtils = require('../utils/requests')
+const serversUtils = require('../utils/servers')
+const usersUtils = require('../utils/users')
 
 describe('Test parameters validator', function () {
   let server = null
 
-  function makePostRequest (path, token, fields, attaches, done, fail) {
-    let statusCode = 400
-    if (fail !== undefined && fail === false) statusCode = 204
-
-    const req = request(server.url)
-      .post(path)
-      .set('Accept', 'application/json')
-
-    if (token) req.set('Authorization', 'Bearer ' + token)
-
-    Object.keys(fields).forEach(function (field) {
-      const value = fields[field]
-
-      if (Array.isArray(value)) {
-        for (let i = 0; i < value.length; i++) {
-          req.field(field + '[' + i + ']', value[i])
-        }
-      } else {
-        req.field(field, value)
-      }
-    })
-
-    Object.keys(attaches).forEach(function (attach) {
-      const value = attaches[attach]
-      req.attach(attach, value)
-    })
-
-    req.expect(statusCode, done)
-  }
-
-  function makePostBodyRequest (path, fields, done, fail) {
-    let statusCode = 400
-    if (fail !== undefined && fail === false) statusCode = 200
-
-    request(server.url)
-      .post(path)
-      .set('Accept', 'application/json')
-      .send(fields)
-      .expect(statusCode, done)
-  }
-
   // ---------------------------------------------------------------
 
   before(function (done) {
@@ -59,17 +21,17 @@ describe('Test parameters validator', function () {
 
     series([
       function (next) {
-        utils.flushTests(next)
+        serversUtils.flushTests(next)
       },
       function (next) {
-        utils.runServer(1, function (server1) {
+        serversUtils.runServer(1, function (server1) {
           server = server1
 
           next()
         })
       },
       function (next) {
-        utils.loginAndGetAccessToken(server, function (err, token) {
+        loginUtils.loginAndGetAccessToken(server, function (err, token) {
           if (err) throw err
           server.accessToken = token
 
@@ -85,21 +47,21 @@ describe('Test parameters validator', function () {
     describe('When adding a pod', function () {
       it('Should fail with nothing', function (done) {
         const data = {}
-        makePostBodyRequest(path, data, done)
+        requestsUtils.makePostBodyRequest(server.url, path, null, data, done)
       })
 
       it('Should fail without public key', function (done) {
         const data = {
           url: 'http://coucou.com'
         }
-        makePostBodyRequest(path, data, done)
+        requestsUtils.makePostBodyRequest(server.url, path, null, data, done)
       })
 
       it('Should fail without an url', function (done) {
         const data = {
           publicKey: 'mysuperpublickey'
         }
-        makePostBodyRequest(path, data, done)
+        requestsUtils.makePostBodyRequest(server.url, path, null, data, done)
       })
 
       it('Should fail with an incorrect url', function (done) {
@@ -107,11 +69,11 @@ describe('Test parameters validator', function () {
           url: 'coucou.com',
           publicKey: 'mysuperpublickey'
         }
-        makePostBodyRequest(path, data, function () {
+        requestsUtils.makePostBodyRequest(server.url, path, null, data, function () {
           data.url = 'http://coucou'
-          makePostBodyRequest(path, data, function () {
+          requestsUtils.makePostBodyRequest(server.url, path, null, data, function () {
             data.url = 'coucou'
-            makePostBodyRequest(path, data, done)
+            requestsUtils.makePostBodyRequest(server.url, path, null, data, done)
           })
         })
       })
@@ -121,7 +83,68 @@ describe('Test parameters validator', function () {
           url: 'http://coucou.com',
           publicKey: 'mysuperpublickey'
         }
-        makePostBodyRequest(path, data, done, false)
+        requestsUtils.makePostBodyRequest(server.url, path, null, data, done, 200)
+      })
+    })
+
+    describe('For the friends API', function () {
+      let userAccessToken = null
+
+      before(function (done) {
+        usersUtils.createUser(server.url, server.accessToken, 'user1', 'password', function () {
+          server.user = {
+            username: 'user1',
+            password: 'password'
+          }
+
+          loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
+            if (err) throw err
+
+            userAccessToken = accessToken
+
+            done()
+          })
+        })
+      })
+
+      describe('When making friends', function () {
+        it('Should fail with a invalid token', function (done) {
+          request(server.url)
+            .get(path + '/makefriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer faketoken')
+            .set('Accept', 'application/json')
+            .expect(401, done)
+        })
+
+        it('Should fail if the user is not an administrator', function (done) {
+          request(server.url)
+            .get(path + '/makefriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer ' + userAccessToken)
+            .set('Accept', 'application/json')
+            .expect(403, done)
+        })
+      })
+
+      describe('When quitting friends', function () {
+        it('Should fail with a invalid token', function (done) {
+          request(server.url)
+            .get(path + '/quitfriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer faketoken')
+            .set('Accept', 'application/json')
+            .expect(401, done)
+        })
+
+        it('Should fail if the user is not an administrator', function (done) {
+          request(server.url)
+            .get(path + '/quitfriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer ' + userAccessToken)
+            .set('Accept', 'application/json')
+            .expect(403, done)
+        })
       })
     })
   })
@@ -192,7 +215,7 @@ describe('Test parameters validator', function () {
       it('Should fail with nothing', function (done) {
         const data = {}
         const attach = {}
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail without name', function (done) {
@@ -203,7 +226,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail with a long name', function (done) {
@@ -215,7 +238,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail without description', function (done) {
@@ -226,7 +249,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail with a long description', function (done) {
@@ -240,7 +263,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail without tags', function (done) {
@@ -251,7 +274,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail with too many tags', function (done) {
@@ -263,7 +286,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail with not enough tags', function (done) {
@@ -275,7 +298,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail with a tag length too low', function (done) {
@@ -287,7 +310,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail with a tag length too big', function (done) {
@@ -299,7 +322,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail with malformed tags', function (done) {
@@ -311,7 +334,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail without an input file', function (done) {
@@ -321,7 +344,7 @@ describe('Test parameters validator', function () {
           tags: [ 'tag1', 'tag2' ]
         }
         const attach = {}
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail without an incorrect input file', function (done) {
@@ -333,7 +356,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short_fake.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should fail with a too big duration', function (done) {
@@ -345,7 +368,7 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_too_long.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, done)
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
       })
 
       it('Should succeed with the correct parameters', function (done) {
@@ -357,11 +380,11 @@ describe('Test parameters validator', function () {
         const attach = {
           'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
         }
-        makePostRequest(path, server.accessToken, data, attach, function () {
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, function () {
           attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.mp4')
-          makePostRequest(path, server.accessToken, data, attach, function () {
+          requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, function () {
             attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.ogv')
-            makePostRequest(path, server.accessToken, data, attach, done, false)
+            requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done, 204)
           }, false)
         }, false)
       })
@@ -423,12 +446,193 @@ describe('Test parameters validator', function () {
           .expect(404, done)
       })
 
+      it('Should fail with a video of another user')
+
       it('Should fail with a video of another pod')
 
       it('Should succeed with the correct parameters')
     })
   })
 
+  describe('Of the users API', function () {
+    const path = '/api/v1/users/'
+    let userId = null
+    let userAccessToken = null
+
+    describe('When adding a new user', function () {
+      it('Should fail with a too small username', function (done) {
+        const data = {
+          username: 'ji',
+          password: 'mysuperpassword'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+      })
+
+      it('Should fail with a too long username', function (done) {
+        const data = {
+          username: 'mysuperusernamewhichisverylong',
+          password: 'mysuperpassword'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+      })
+
+      it('Should fail with an incorrect username', function (done) {
+        const data = {
+          username: 'my username',
+          password: 'mysuperpassword'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+      })
+
+      it('Should fail with a too small password', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'bla'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+      })
+
+      it('Should fail with a too long password', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'my super long password which is very very very very very very very very very very very very very very' +
+                    'very very very very very very very very very very very very very very very veryv very very very very' +
+                    'very very very very very very very very very very very very very very very very very very very very long'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+      })
+
+      it('Should fail with an non authenticated user', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'my super password'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, 'super token', data, done, 401)
+      })
+
+      it('Should succeed with the correct params', function (done) {
+        const data = {
+          username: 'user1',
+          password: 'my super password'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
+      })
+
+      it('Should fail with a non admin user', function (done) {
+        server.user = {
+          username: 'user1',
+          password: 'my super password'
+        }
+
+        loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
+          if (err) throw err
+
+          userAccessToken = accessToken
+
+          const data = {
+            username: 'user2',
+            password: 'my super password'
+          }
+
+          requestsUtils.makePostBodyRequest(server.url, path, userAccessToken, data, done, 403)
+        })
+      })
+    })
+
+    describe('When updating a user', function () {
+      before(function (done) {
+        usersUtils.getUsersList(server.url, function (err, res) {
+          if (err) throw err
+
+          userId = res.body.data[1].id
+          done()
+        })
+      })
+
+      it('Should fail with a too small password', function (done) {
+        const data = {
+          password: 'bla'
+        }
+
+        requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
+      })
+
+      it('Should fail with a too long password', function (done) {
+        const data = {
+          password: 'my super long password which is very very very very very very very very very very very very very very' +
+                    'very very very very very very very very very very very very very very very veryv very very very very' +
+                    'very very very very very very very very very very very very very very very very very very very very long'
+        }
+
+        requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
+      })
+
+      it('Should fail with an non authenticated user', function (done) {
+        const data = {
+          password: 'my super password'
+        }
+
+        requestsUtils.makePutBodyRequest(server.url, path + userId, 'super token', data, done, 401)
+      })
+
+      it('Should succeed with the correct params', function (done) {
+        const data = {
+          password: 'my super password'
+        }
+
+        requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done, 204)
+      })
+    })
+
+    describe('When getting my information', function () {
+      it('Should fail with a non authenticated user', function (done) {
+        request(server.url)
+          .get(path + 'me')
+          .set('Authorization', 'Bearer faketoken')
+          .set('Accept', 'application/json')
+          .expect(401, done)
+      })
+
+      it('Should success with the correct parameters', function (done) {
+        request(server.url)
+          .get(path + 'me')
+          .set('Authorization', 'Bearer ' + userAccessToken)
+          .set('Accept', 'application/json')
+          .expect(200, done)
+      })
+    })
+
+    describe('When removing an user', function () {
+      it('Should fail with an incorrect id', function (done) {
+        request(server.url)
+          .delete(path + 'bla-bla')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(400, done)
+      })
+
+      it('Should return 404 with a non existing id', function (done) {
+        request(server.url)
+          .delete(path + '579f982228c99c221d8092b8')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(404, done)
+      })
+
+      it('Should success with the correct parameters', function (done) {
+        request(server.url)
+          .delete(path + userId)
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(204, done)
+      })
+    })
+  })
+
   describe('Of the remote videos API', function () {
     describe('When making a secure request', function () {
       it('Should check a secure request')
@@ -448,7 +652,7 @@ describe('Test parameters validator', function () {
 
     // Keep the logs if the test failed
     if (this.ok) {
-      utils.flushTests(done)
+      serversUtils.flushTests(done)
     } else {
       done()
     }