aboutsummaryrefslogblamecommitdiffhomepage
path: root/server/tests/api/check-params/users.js
blob: 0ba5e77c386319c49518fce9307150c743845107 (plain) (tree)
1
2
3
4
5
6
7
8
9
10
11

                                          








                                                     
                                                 




                                                   
                    
                   
                                           











                                                                    








                                                            


















                                                                                       

                                                                                      











                                                                   













































                                                                                 
                                  








                                                                                         
                                  








                                                                                         



















                                                                                         








                                                                                         
                                  








                                                                                         
                                  










                                                                                                                            
                                  








                                                                                         










                                                                                              








                                                                                              
                                  








                                                                                              
                                  









                                                                             
                                    




































                                                                                                                            







                                                                                              









                                                                                                 

                                      























                                                                                                   
























































                                                                            






















                                                                    


















































































































                                                                                                                                                          

                                 
                                                         








                                       
/* eslint-disable no-unused-expressions */

'use strict'

const request = require('supertest')
const series = require('async/series')

const loginUtils = require('../../utils/login')
const requestsUtils = require('../../utils/requests')
const serversUtils = require('../../utils/servers')
const usersUtils = require('../../utils/users')
const videosUtils = require('../../utils/videos')

describe('Test users API validators', function () {
  const path = '/api/v1/users/'
  let userId = null
  let rootId = null
  let videoId = null
  let server = null
  let serverWithRegistrationDisabled = null
  let userAccessToken = null

  // ---------------------------------------------------------------

  before(function (done) {
    this.timeout(20000)

    series([
      function (next) {
        serversUtils.flushTests(next)
      },
      function (next) {
        serversUtils.runServer(1, function (serverCreated) {
          server = serverCreated

          next()
        })
      },
      function (next) {
        serversUtils.runServer(2, function (serverCreated) {
          serverWithRegistrationDisabled = serverCreated

          next()
        })
      },
      function (next) {
        loginUtils.loginAndGetAccessToken(server, function (err, token) {
          if (err) throw err
          server.accessToken = token

          next()
        })
      },
      function (next) {
        const username = 'user1'
        const password = 'my super password'

        usersUtils.createUser(server.url, server.accessToken, username, password, next)
      },
      function (next) {
        const videoAttributes = {}
        videosUtils.uploadVideo(server.url, server.accessToken, videoAttributes, next)
      },
      function (next) {
        videosUtils.getVideosList(server.url, function (err, res) {
          if (err) throw err

          const videos = res.body.data
          videoId = videos[0].id

          next()
        })
      },
      function (next) {
        const user = {
          username: 'user1',
          password: 'my super password'
        }

        loginUtils.getUserAccessToken(server, user, function (err, accessToken) {
          if (err) throw err

          userAccessToken = accessToken

          next()
        })
      }
    ], done)
  })

  describe('When listing users', function () {
    it('Should fail with a bad start pagination', function (done) {
      request(server.url)
        .get(path)
        .query({ start: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with a bad count pagination', function (done) {
      request(server.url)
        .get(path)
        .query({ count: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with an incorrect sort', function (done) {
      request(server.url)
        .get(path)
        .query({ sort: 'hello' })
        .set('Accept', 'application/json')
        .expect(400, done)
    })
  })

  describe('When adding a new user', function () {
    it('Should fail with a too small username', function (done) {
      const data = {
        username: 'ji',
        email: 'test@example.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with a too long username', function (done) {
      const data = {
        username: 'mysuperusernamewhichisverylong',
        email: 'test@example.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with an incorrect username', function (done) {
      const data = {
        username: 'my username',
        email: 'test@example.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with a missing email', function (done) {
      const data = {
        username: 'ji',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with an invalid email', function (done) {
      const data = {
        username: 'mysuperusernamewhichisverylong',
        email: 'testexample.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with a too small password', function (done) {
      const data = {
        username: 'myusername',
        email: 'test@example.com',
        password: 'bla'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with a too long password', function (done) {
      const data = {
        username: 'myusername',
        email: 'test@example.com',
        password: 'my super long password which is very very very very very very very very very very very very very very' +
                  'very very very very very very very very very very very very very very very veryv very very very very' +
                  'very very very very very very very very very very very very very very very very very very very very long'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
    })

    it('Should fail with an non authenticated user', function (done) {
      const data = {
        username: 'myusername',
        email: 'test@example.com',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, path, 'super token', data, done, 401)
    })

    it('Should fail if we add a user with the same username', function (done) {
      const data = {
        username: 'user1',
        email: 'test@example.com',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
    })

    it('Should fail if we add a user with the same email', function (done) {
      const data = {
        username: 'myusername',
        email: 'user1@example.com',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
    })

    it('Should succeed with the correct params', function (done) {
      const data = {
        username: 'user2',
        email: 'test@example.com',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
    })

    it('Should fail with a non admin user', function (done) {
      server.user = {
        username: 'user1',
        email: 'test@example.com',
        password: 'my super password'
      }

      loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
        if (err) throw err

        userAccessToken = accessToken

        const data = {
          username: 'user3',
          email: 'test@example.com',
          password: 'my super password'
        }

        requestsUtils.makePostBodyRequest(server.url, path, userAccessToken, data, done, 403)
      })
    })
  })

  describe('When updating a user', function () {
    before(function (done) {
      usersUtils.getUsersList(server.url, function (err, res) {
        if (err) throw err

        userId = res.body.data[1].id
        rootId = res.body.data[2].id
        done()
      })
    })

    it('Should fail with a too small password', function (done) {
      const data = {
        password: 'bla'
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
    })

    it('Should fail with a too long password', function (done) {
      const data = {
        password: 'my super long password which is very very very very very very very very very very very very very very' +
                  'very very very very very very very very very very very very very very very veryv very very very very' +
                  'very very very very very very very very very very very very very very very very very very very very long'
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
    })

    it('Should fail with an invalid display NSFW attribute', function (done) {
      const data = {
        displayNSFW: -1
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
    })

    it('Should fail with an non authenticated user', function (done) {
      const data = {
        password: 'my super password'
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, 'super token', data, done, 401)
    })

    it('Should succeed with the correct params', function (done) {
      const data = {
        password: 'my super password',
        displayNSFW: true
      }

      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done, 204)
    })
  })

  describe('When getting my information', function () {
    it('Should fail with a non authenticated user', function (done) {
      request(server.url)
        .get(path + 'me')
        .set('Authorization', 'Bearer faketoken')
        .set('Accept', 'application/json')
        .expect(401, done)
    })

    it('Should success with the correct parameters', function (done) {
      request(server.url)
        .get(path + 'me')
        .set('Authorization', 'Bearer ' + userAccessToken)
        .set('Accept', 'application/json')
        .expect(200, done)
    })
  })

  describe('When getting my video rating', function () {
    it('Should fail with a non authenticated user', function (done) {
      request(server.url)
        .get(path + 'me/videos/' + videoId + '/rating')
        .set('Authorization', 'Bearer faketoken')
        .set('Accept', 'application/json')
        .expect(401, done)
    })

    it('Should fail with an incorrect video uuid', function (done) {
      request(server.url)
        .get(path + 'me/videos/blabla/rating')
        .set('Authorization', 'Bearer ' + userAccessToken)
        .set('Accept', 'application/json')
        .expect(400, done)
    })

    it('Should fail with an unknown video', function (done) {
      request(server.url)
        .get(path + 'me/videos/4da6fde3-88f7-4d16-b119-108df5630b06/rating')
        .set('Authorization', 'Bearer ' + userAccessToken)
        .set('Accept', 'application/json')
        .expect(404, done)
    })

    it('Should success with the correct parameters', function (done) {
      request(server.url)
        .get(path + 'me/videos/' + videoId + '/rating')
        .set('Authorization', 'Bearer ' + userAccessToken)
        .set('Accept', 'application/json')
        .expect(200, done)
    })
  })

  describe('When removing an user', function () {
    it('Should fail with an incorrect id', function (done) {
      request(server.url)
        .delete(path + 'bla-bla')
        .set('Authorization', 'Bearer ' + server.accessToken)
        .expect(400, done)
    })

    it('Should fail with the root user', function (done) {
      request(server.url)
        .delete(path + rootId)
        .set('Authorization', 'Bearer ' + server.accessToken)
        .expect(400, done)
    })

    it('Should return 404 with a non existing id', function (done) {
      request(server.url)
        .delete(path + '45')
        .set('Authorization', 'Bearer ' + server.accessToken)
        .expect(404, done)
    })
  })

  describe('When removing an user', function () {
    it('Should fail with an incorrect id', function (done) {
      request(server.url)
        .delete(path + 'bla-bla')
        .set('Authorization', 'Bearer ' + server.accessToken)
        .expect(400, done)
    })

    it('Should fail with the root user', function (done) {
      request(server.url)
        .delete(path + rootId)
        .set('Authorization', 'Bearer ' + server.accessToken)
        .expect(400, done)
    })

    it('Should return 404 with a non existing id', function (done) {
      request(server.url)
        .delete(path + '45')
        .set('Authorization', 'Bearer ' + server.accessToken)
        .expect(404, done)
    })
  })

  describe('When register a new user', function () {
    const registrationPath = path + '/register'

    it('Should fail with a too small username', function (done) {
      const data = {
        username: 'ji',
        email: 'test@example.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
    })

    it('Should fail with a too long username', function (done) {
      const data = {
        username: 'mysuperusernamewhichisverylong',
        email: 'test@example.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
    })

    it('Should fail with an incorrect username', function (done) {
      const data = {
        username: 'my username',
        email: 'test@example.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
    })

    it('Should fail with a missing email', function (done) {
      const data = {
        username: 'ji',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
    })

    it('Should fail with an invalid email', function (done) {
      const data = {
        username: 'mysuperusernamewhichisverylong',
        email: 'testexample.com',
        password: 'mysuperpassword'
      }

      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
    })

    it('Should fail with a too small password', function (done) {
      const data = {
        username: 'myusername',
        email: 'test@example.com',
        password: 'bla'
      }

      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
    })

    it('Should fail with a too long password', function (done) {
      const data = {
        username: 'myusername',
        email: 'test@example.com',
        password: 'my super long password which is very very very very very very very very very very very very very very' +
                  'very very very very very very very very very very very very very very very veryv very very very very' +
                  'very very very very very very very very very very very very very very very very very very very very long'
      }

      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
    })

    it('Should fail if we register a user with the same username', function (done) {
      const data = {
        username: 'root',
        email: 'test@example.com',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done, 409)
    })

    it('Should fail if we register a user with the same email', function (done) {
      const data = {
        username: 'myusername',
        email: 'admin1@example.com',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done, 409)
    })

    it('Should succeed with the correct params', function (done) {
      const data = {
        username: 'user3',
        email: 'test3@example.com',
        password: 'my super password'
      }

      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done, 204)
    })

    it('Should fail on a server with registration disabled', function (done) {
      const data = {
        username: 'user4',
        email: 'test4@example.com',
        password: 'my super password 4'
      }

      requestsUtils.makePostBodyRequest(serverWithRegistrationDisabled.url, registrationPath, serverWithRegistrationDisabled.accessToken, data, done, 400)
    })
  })

  after(function (done) {
    process.kill(-server.app.pid)
    process.kill(-serverWithRegistrationDisabled.app.pid)

    // Keep the logs if the test failed
    if (this.ok) {
      serversUtils.flushTests(done)
    } else {
      done()
    }
  })
})