X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fusers.ts;h=0a13f5b678cefc1168b4b4dae95200c37a43c5f3;hb=0d8de2756fdc43be61a82a96c17d12ee52ba0143;hp=3e53c445d313870607c92d9aa73e36fc5b6d7f56;hpb=b488ba1e26b803ac6c637e8b11bdd444ca4c803f;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index 3e53c445d..0a13f5b67 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -14,6 +14,7 @@ import { flushAndRunServer, getMyUserInformation, getMyUserVideoRating, + getUserScopedTokens, getUsersList, immutableAssign, killallServers, @@ -23,6 +24,7 @@ import { makeUploadRequest, registerUser, removeUser, + renewUserScopedTokens, reRunServer, ServerInfo, setAccessTokensToServers, @@ -38,9 +40,10 @@ import { checkBadStartPagination } from '../../../../shared/extra-utils/requests/check-api-params' import { waitJobs } from '../../../../shared/extra-utils/server/jobs' -import { getMagnetURI, getMyVideoImports, getGoodVideoUrl, importVideo } from '../../../../shared/extra-utils/videos/video-imports' +import { getGoodVideoUrl, getMagnetURI, getMyVideoImports, importVideo } from '../../../../shared/extra-utils/videos/video-imports' import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' import { VideoPrivacy } from '../../../../shared/models/videos' +import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' describe('Test users API validators', function () { const path = '/api/v1/users/' @@ -154,23 +157,11 @@ describe('Test users API validators', function () { await checkBadSortPagination(server.url, path, server.accessToken) }) - it('Should fail with a bad blocked/banned user filter', async function () { - await makeGetRequest({ - url: server.url, - path, - query: { - blocked: 42 - }, - token: server.accessToken, - statusCodeExpected: 400 - }) - }) - it('Should fail with a non authenticated user', async function () { await makeGetRequest({ url: server.url, path, - statusCodeExpected: 401 + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) }) @@ -179,7 +170,7 @@ describe('Test users API validators', function () { url: server.url, path, token: userAccessToken, - statusCodeExpected: 403 + statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) }) }) @@ -273,7 +264,7 @@ describe('Test users API validators', function () { path: path, token: server.accessToken, fields, - statusCodeExpected: 200 + statusCodeExpected: HttpStatusCode.OK_200 }) }) @@ -289,20 +280,32 @@ describe('Test users API validators', function () { path, token: 'super token', fields: baseCorrectParams, - statusCodeExpected: 401 + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) }) it('Should fail if we add a user with the same username', async function () { const fields = immutableAssign(baseCorrectParams, { username: 'user1' }) - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.CONFLICT_409 + }) }) it('Should fail if we add a user with the same email', async function () { const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' }) - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.CONFLICT_409 + }) }) it('Should fail without a videoQuota', async function () { @@ -349,7 +352,7 @@ describe('Test users API validators', function () { path, token: server.accessToken, fields, - statusCodeExpected: 409 + statusCodeExpected: HttpStatusCode.CONFLICT_409 }) }) @@ -362,7 +365,7 @@ describe('Test users API validators', function () { path, token: moderatorAccessToken, fields, - statusCodeExpected: 403 + statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) } }) @@ -375,7 +378,7 @@ describe('Test users API validators', function () { path, token: moderatorAccessToken, fields, - statusCodeExpected: 200 + statusCodeExpected: HttpStatusCode.OK_200 }) }) @@ -385,7 +388,7 @@ describe('Test users API validators', function () { path, token: server.accessToken, fields: baseCorrectParams, - statusCodeExpected: 200 + statusCodeExpected: HttpStatusCode.OK_200 }) }) @@ -402,7 +405,7 @@ describe('Test users API validators', function () { password: 'my super password', videoQuota: 42000000 } - await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 }) + await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) }) }) @@ -448,7 +451,13 @@ describe('Test users API validators', function () { password: 'super'.repeat(61) } - await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 401 }) + await makePutBodyRequest({ + url: server.url, + path: path + 'me', + token: userAccessToken, + fields, + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 + }) }) it('Should fail with an invalid NSFW policy attribute', async function () { @@ -489,7 +498,13 @@ describe('Test users API validators', function () { password: 'my super password' } - await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 }) + await makePutBodyRequest({ + url: server.url, + path: path + 'me', + token: 'super token', + fields, + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 + }) }) it('Should fail with a too long description', async function () { @@ -561,7 +576,13 @@ describe('Test users API validators', function () { noWelcomeModal: true } - await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) + await makePutBodyRequest({ + url: server.url, + path: path + 'me', + token: userAccessToken, + fields, + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + }) }) it('Should succeed without password change with the correct params', async function () { @@ -570,7 +591,13 @@ describe('Test users API validators', function () { autoPlayVideo: false } - await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) + await makePutBodyRequest({ + url: server.url, + path: path + 'me', + token: userAccessToken, + fields, + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + }) }) }) @@ -601,7 +628,7 @@ describe('Test users API validators', function () { path: path + '/me/avatar/pick', fields, attaches, - statusCodeExpected: 401 + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) }) @@ -616,23 +643,56 @@ describe('Test users API validators', function () { token: server.accessToken, fields, attaches, - statusCodeExpected: 200 + statusCodeExpected: HttpStatusCode.OK_200 }) }) }) + describe('When managing my scoped tokens', function () { + + it('Should fail to get my scoped tokens with an non authenticated user', async function () { + await getUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401) + }) + + it('Should fail to get my scoped tokens with a bad token', async function () { + await getUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401) + + }) + + it('Should succeed to get my scoped tokens', async function () { + await getUserScopedTokens(server.url, server.accessToken) + }) + + it('Should fail to renew my scoped tokens with an non authenticated user', async function () { + await renewUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401) + }) + + it('Should fail to renew my scoped tokens with a bad token', async function () { + await renewUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401) + }) + + it('Should succeed to renew my scoped tokens', async function () { + await renewUserScopedTokens(server.url, server.accessToken) + }) + }) + describe('When getting a user', function () { it('Should fail with an non authenticated user', async function () { - await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 }) + await makeGetRequest({ + url: server.url, + path: path + userId, + token: 'super token', + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 + }) }) it('Should fail with a non admin user', async function () { - await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 }) + await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) }) it('Should succeed with the correct params', async function () { - await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 }) + await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: HttpStatusCode.OK_200 }) }) }) @@ -693,7 +753,13 @@ describe('Test users API validators', function () { videoQuota: 42 } - await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 }) + await makePutBodyRequest({ + url: server.url, + path: path + userId, + token: 'super token', + fields, + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 + }) }) it('Should fail when updating root role', async function () { @@ -720,7 +786,7 @@ describe('Test users API validators', function () { path: path + moderatorId, token: moderatorAccessToken, fields, - statusCodeExpected: 403 + statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) }) @@ -734,7 +800,7 @@ describe('Test users API validators', function () { path: path + userId, token: moderatorAccessToken, fields, - statusCodeExpected: 204 + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 }) }) @@ -746,13 +812,19 @@ describe('Test users API validators', function () { role: UserRole.USER } - await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 }) + await makePutBodyRequest({ + url: server.url, + path: path + userId, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + }) }) }) describe('When getting my information', function () { it('Should fail with a non authenticated user', async function () { - await getMyUserInformation(server.url, 'fake_token', 401) + await getMyUserInformation(server.url, 'fake_token', HttpStatusCode.UNAUTHORIZED_401) }) it('Should success with the correct parameters', async function () { @@ -762,15 +834,15 @@ describe('Test users API validators', function () { describe('When getting my video rating', function () { it('Should fail with a non authenticated user', async function () { - await getMyUserVideoRating(server.url, 'fake_token', videoId, 401) + await getMyUserVideoRating(server.url, 'fake_token', videoId, HttpStatusCode.UNAUTHORIZED_401) }) it('Should fail with an incorrect video uuid', async function () { - await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400) + await getMyUserVideoRating(server.url, server.accessToken, 'blabla', HttpStatusCode.BAD_REQUEST_400) }) it('Should fail with an unknown video', async function () { - await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404) + await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', HttpStatusCode.NOT_FOUND_404) }) it('Should succeed with the correct parameters', async function () { @@ -794,51 +866,57 @@ describe('Test users API validators', function () { }) it('Should fail with a unauthenticated user', async function () { - await makeGetRequest({ url: server.url, path, statusCodeExpected: 401 }) + await makeGetRequest({ url: server.url, path, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) }) it('Should fail with a another user', async function () { - await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: 403 }) + await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) }) it('Should fail with a bad type', async function () { - await makeGetRequest({ url: server.url, path, token: userAccessToken, query: { rating: 'toto ' }, statusCodeExpected: 400 }) + await makeGetRequest({ + url: server.url, + path, + token: userAccessToken, + query: { rating: 'toto ' }, + statusCodeExpected: HttpStatusCode.BAD_REQUEST_400 + }) }) it('Should succeed with the correct params', async function () { - await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 200 }) + await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.OK_200 }) }) }) describe('When blocking/unblocking/removing user', function () { it('Should fail with an incorrect id', async function () { - await removeUser(server.url, 'blabla', server.accessToken, 400) - await blockUser(server.url, 'blabla', server.accessToken, 400) - await unblockUser(server.url, 'blabla', server.accessToken, 400) + await removeUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) + await blockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) + await unblockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) }) it('Should fail with the root user', async function () { - await removeUser(server.url, rootId, server.accessToken, 400) - await blockUser(server.url, rootId, server.accessToken, 400) - await unblockUser(server.url, rootId, server.accessToken, 400) + await removeUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) + await blockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) + await unblockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) }) it('Should return 404 with a non existing id', async function () { - await removeUser(server.url, 4545454, server.accessToken, 404) - await blockUser(server.url, 4545454, server.accessToken, 404) - await unblockUser(server.url, 4545454, server.accessToken, 404) + await removeUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) + await blockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) + await unblockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) }) it('Should fail with a non admin user', async function () { - await removeUser(server.url, userId, userAccessToken, 403) - await blockUser(server.url, userId, userAccessToken, 403) - await unblockUser(server.url, userId, userAccessToken, 403) + await removeUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) + await blockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) + await unblockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) }) it('Should fail on a moderator with a moderator', async function () { - await removeUser(server.url, moderatorId, moderatorAccessToken, 403) - await blockUser(server.url, moderatorId, moderatorAccessToken, 403) - await unblockUser(server.url, moderatorId, moderatorAccessToken, 403) + await removeUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) + await blockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) + await unblockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) }) it('Should succeed on a user with a moderator', async function () { @@ -849,7 +927,7 @@ describe('Test users API validators', function () { describe('When deleting our account', function () { it('Should fail with with the root account', async function () { - await deleteMe(server.url, server.accessToken, 400) + await deleteMe(server.url, server.accessToken, HttpStatusCode.BAD_REQUEST_400) }) }) @@ -912,7 +990,7 @@ describe('Test users API validators', function () { path: registrationPath, token: server.accessToken, fields, - statusCodeExpected: 409 + statusCodeExpected: HttpStatusCode.CONFLICT_409 }) }) @@ -924,7 +1002,7 @@ describe('Test users API validators', function () { path: registrationPath, token: server.accessToken, fields, - statusCodeExpected: 409 + statusCodeExpected: HttpStatusCode.CONFLICT_409 }) }) @@ -936,7 +1014,7 @@ describe('Test users API validators', function () { path: registrationPath, token: server.accessToken, fields, - statusCodeExpected: 409 + statusCodeExpected: HttpStatusCode.CONFLICT_409 }) }) @@ -971,7 +1049,13 @@ describe('Test users API validators', function () { const fields = immutableAssign(baseCorrectParams, { channel: { name: 'existing_channel', displayName: 'toto' } }) - await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 }) + await makePostBodyRequest({ + url: server.url, + path: registrationPath, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.CONFLICT_409 + }) }) it('Should succeed with the correct params', async function () { @@ -982,7 +1066,7 @@ describe('Test users API validators', function () { path: registrationPath, token: server.accessToken, fields: fields, - statusCodeExpected: 204 + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 }) }) @@ -998,14 +1082,14 @@ describe('Test users API validators', function () { path: registrationPath, token: serverWithRegistrationDisabled.accessToken, fields, - statusCodeExpected: 403 + statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) }) }) describe('When registering multiple users on a server with users limit', function () { it('Should fail when after 3 registrations', async function () { - await registerUser(server.url, 'user42', 'super password', 403) + await registerUser(server.url, 'user42', 'super password', HttpStatusCode.FORBIDDEN_403) }) }) @@ -1018,7 +1102,7 @@ describe('Test users API validators', function () { videoQuota: 42 }) - await uploadVideo(server.url, server.accessToken, {}, 403) + await uploadVideo(server.url, server.accessToken, {}, HttpStatusCode.PAYLOAD_TOO_LARGE_413) }) it('Should fail with a registered user having too many videos', async function () { @@ -1036,7 +1120,7 @@ describe('Test users API validators', function () { await uploadVideo(server.url, userAccessToken, videoAttributes) await uploadVideo(server.url, userAccessToken, videoAttributes) await uploadVideo(server.url, userAccessToken, videoAttributes) - await uploadVideo(server.url, userAccessToken, videoAttributes, 403) + await uploadVideo(server.url, userAccessToken, videoAttributes, HttpStatusCode.PAYLOAD_TOO_LARGE_413) }) it('Should fail to import with HTTP/Torrent/magnet', async function () { @@ -1067,7 +1151,7 @@ describe('Test users API validators', function () { }) describe('When having a daily video quota', function () { - it('Should fail with a user having too many videos', async function () { + it('Should fail with a user having too many videos daily', async function () { await updateUser({ url: server.url, userId: rootId, @@ -1075,7 +1159,7 @@ describe('Test users API validators', function () { videoQuotaDaily: 42 }) - await uploadVideo(server.url, server.accessToken, {}, 403) + await uploadVideo(server.url, server.accessToken, {}, HttpStatusCode.PAYLOAD_TOO_LARGE_413) }) }) @@ -1089,7 +1173,7 @@ describe('Test users API validators', function () { videoQuotaDaily: 1024 * 1024 * 1024 }) - await uploadVideo(server.url, server.accessToken, {}, 403) + await uploadVideo(server.url, server.accessToken, {}, HttpStatusCode.PAYLOAD_TOO_LARGE_413) }) it('Should fail if exceeding daily quota', async function () { @@ -1101,7 +1185,7 @@ describe('Test users API validators', function () { videoQuotaDaily: 42 }) - await uploadVideo(server.url, server.accessToken, {}, 403) + await uploadVideo(server.url, server.accessToken, {}, HttpStatusCode.PAYLOAD_TOO_LARGE_413) }) }) @@ -1123,7 +1207,13 @@ describe('Test users API validators', function () { it('Should success with the correct params', async function () { const fields = { email: 'admin@example.com' } - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + }) }) }) @@ -1145,7 +1235,13 @@ describe('Test users API validators', function () { it('Should succeed with the correct params', async function () { const fields = { email: 'admin@example.com' } - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + }) }) })