aboutsummaryrefslogblamecommitdiffhomepage
path: root/server/tests/api/check-params/users.ts
blob: 1e3533bf3cc5a3b83fb17507969e63fda3b711af (plain) (tree)




















                                         
                                             























                                                                    

                                                                                    




















                                                                      
                                                                   







                                                                     
                                                                   







                                                                
                                                                   

                          














                                                                       






                                                                   
                                      
                            
                            








                                                                                             
                                      

                             




                                                                                             











                                                                                             



                                                                    
                                      

                             







                                                                                             
                                      

                             








                                                                                             
                                      

                             








                                                                                             
                        

                             










                                                                                                                           
                                                                                                                             

                             








                                                                                             
                                      

                             








                                                                                                                 
                                      

                             








                                                                                                                      
                                      

                             




                                                                                                                      



                                                              

                                      









                                                                                             
























                                                                                             




                                                                                             



                                                                    
                                      

                           















                                                                                                                      

                                      




                                                                                                                   




                                                                         
 
                                                                                                         






                                                                   
                                                                                                      








                                                                                                                            
                                                                                                      






                                                                                
                                                                                                      






                                                                        
                                                                                                                             




                                                                    

                                        

       






                                                                                                                               
                                                                    




















                                                                                                           







                                                                                                           










                                                                                                                               

                                


                                                                                                                                    



































































































































































































































                                                                                                                                        































                                                                                                                                    








                                                              
/* tslint:disable:no-unused-expression */

import * as request from 'supertest'
import 'mocha'

import {
  ServerInfo,
  flushTests,
  runServer,
  uploadVideo,
  getVideosList,
  makePutBodyRequest,
  createUser,
  loginAndGetAccessToken,
  getUsersList,
  registerUser,
  setAccessTokensToServers,
  killallServers,
  makePostBodyRequest,
  getUserAccessToken
} from '../../utils'
import { UserRole } from '../../../../shared'

describe('Test users API validators', function () {
  const path = '/api/v1/users/'
  let userId: number
  let rootId: number
  let videoId: number
  let server: ServerInfo
  let serverWithRegistrationDisabled: ServerInfo
  let userAccessToken = ''

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(120000)

    await flushTests()

    server = await runServer(1)
    serverWithRegistrationDisabled = await runServer(2)

    await setAccessTokensToServers([ server ])

    const username = 'user1'
    const password = 'my super password'
    const videoQuota = 42000000
    await createUser(server.url, server.accessToken, username, password, videoQuota)

    const videoAttributes = {}
    await uploadVideo(server.url, server.accessToken, videoAttributes)

    const res = await getVideosList(server.url)
    const videos = res.body.data
    videoId = videos[0].id

    const user = {
      username: 'user1',
      password: 'my super password'
    }
    userAccessToken = await getUserAccessToken(server, user)
  })

  describe('When listing users', function () {
    it('Should fail with a bad start pagination', async function () {
      await request(server.url)
              .get(path)
              .query({ start: 'hello' })
              .set('Accept', 'application/json')
              .set('Authorization', 'Bearer ' + server.accessToken)
              .expect(400)
    })

    it('Should fail with a bad count pagination', async function () {
      await request(server.url)
              .get(path)
              .query({ count: 'hello' })
              .set('Accept', 'application/json')
              .set('Authorization', 'Bearer ' + server.accessToken)
              .expect(400)
    })

    it('Should fail with an incorrect sort', async function () {
      await request(server.url)
              .get(path)
              .query({ sort: 'hello' })
              .set('Accept', 'application/json')
              .set('Authorization', 'Bearer ' + server.accessToken)
              .expect(400)
    })

    it('Should fail with a non authenticated user', async function () {
      await request(server.url)
        .get(path)
        .set('Accept', 'application/json')
        .expect(401)
    })

    it('Should fail with a non admin user', async function () {
      await request(server.url)
        .get(path)
        .set('Accept', 'application/json')
        .set('Authorization', 'Bearer ' + userAccessToken)
        .expect(403)
    })
  })

  describe('When adding a new user', function () {
    it('Should fail with a too small username', async function () {
      const fields = {
        username: 'ji',
        email: 'test@example.com',
        password: 'my_super_password',
        role: UserRole.USER,
        videoQuota: 42000000
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with a too long username', async function () {
      const fields = {
        username: 'my_super_username_which_is_very_long',
        email: 'test@example.com',
        password: 'my_super_password',
        videoQuota: 42000000,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with a not lowercase username', async function () {
      const fields = {
        username: 'Toto',
        email: 'test@example.com',
        password: 'my_super_password',
        videoQuota: 42000000,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect username', async function () {
      const fields = {
        username: 'my username',
        email: 'test@example.com',
        password: 'my_super_password',
        videoQuota: 42000000,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with a missing email', async function () {
      const fields = {
        username: 'ji',
        password: 'my_super_password',
        videoQuota: 42000000,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = {
        username: 'my_super_username_which_is_very_long',
        email: 'test_example.com',
        password: 'my_super_password',
        videoQuota: 42000000,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with a too small password', async function () {
      const fields = {
        username: 'my_username',
        email: 'test@example.com',
        password: 'bla',
        videoQuota: 42000000,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with a too long password', async function () {
      const fields = {
        username: 'my_username',
        email: 'test@example.com',
        password: 'my super long password which is very very very very very very very very very very very very very very' +
                  'very very very very very very very very very very very very very very very veryv very very very very' +
                  'very very very very very very very very very very very very very very very very very very very very long',
        videoQuota: 42000000,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an non authenticated user', async function () {
      const fields = {
        username: 'my_username',
        email: 'test@example.com',
        password: 'my super password',
        videoQuota: 42000000,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 })
    })

    it('Should fail if we add a user with the same username', async function () {
      const fields = {
        username: 'user1',
        email: 'test@example.com',
        password: 'my super password',
        videoQuota: 42000000,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
    })

    it('Should fail if we add a user with the same email', async function () {
      const fields = {
        username: 'my_username',
        email: 'user1@example.com',
        password: 'my super password',
        videoQuota: 42000000,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
    })

    it('Should fail without a videoQuota', async function () {
      const fields = {
        username: 'my_username',
        email: 'user1@example.com',
        password: 'my super password',
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an invalid videoQuota', async function () {
      const fields = {
        username: 'my_username',
        email: 'user1@example.com',
        password: 'my super password',
        videoQuota: -5,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail without a user role', async function () {
      const fields = {
        username: 'my_username',
        email: 'user1@example.com',
        password: 'my super password',
        videoQuota: 0
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an invalid user role', async function () {
      const fields = {
        username: 'my_username',
        email: 'user1@example.com',
        password: 'my super password',
        videoQuota: 0,
        role: 88989
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should succeed with the correct params', async function () {
      const fields = {
        username: 'user2',
        email: 'test@example.com',
        password: 'my super password',
        videoQuota: -1,
        role: UserRole.USER
      }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
    })

    it('Should fail with a non admin user', async function () {
      server.user = {
        username: 'user1',
        email: 'test@example.com',
        password: 'my super password'
      }

      userAccessToken = await loginAndGetAccessToken(server)
      const fields = {
        username: 'user3',
        email: 'test@example.com',
        password: 'my super password',
        videoQuota: 42000000
      }
      await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
    })
  })

  describe('When updating my account', function () {
    it('Should fail with an invalid email attribute', async function () {
      const fields = {
        email: 'blabla'
      }

      await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
    })

    it('Should fail with a too small password', async function () {
      const fields = {
        password: 'bla'
      }

      await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
    })

    it('Should fail with a too long password', async function () {
      const fields = {
        password: 'my super long password which is very very very very very very very very very very very very very very' +
                  'very very very very very very very very very very very very very very very veryv very very very very' +
                  'very very very very very very very very very very very very very very very very very very very very long'
      }

      await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
    })

    it('Should fail with an invalid display NSFW attribute', async function () {
      const fields = {
        displayNSFW: -1
      }

      await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
    })

    it('Should fail with an non authenticated user', async function () {
      const fields = {
        password: 'my super password'
      }

      await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
    })

    it('Should succeed with the correct params', async function () {
      const fields = {
        password: 'my super password',
        displayNSFW: true,
        email: 'super_email@example.com'
      }

      await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
    })
  })

  describe('When updating a user', function () {

    before(async function () {
      const res = await getUsersList(server.url, server.accessToken)

      userId = res.body.data[1].id
      rootId = res.body.data[2].id
    })

    it('Should fail with an invalid email attribute', async function () {
      const fields = {
        email: 'blabla'
      }

      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
    })

    it('Should fail with an invalid videoQuota attribute', async function () {
      const fields = {
        videoQuota: -90
      }

      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
    })

    it('Should fail with an invalid user role attribute', async function () {
      const fields = {
        role: 54878
      }

      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
    })

    it('Should fail with an non authenticated user', async function () {
      const fields = {
        videoQuota: 42
      }

      await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
    })

    it('Should succeed with the correct params', async function () {
      const fields = {
        email: 'email@example.com',
        videoQuota: 42,
        role: UserRole.MODERATOR
      }

      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
    })
  })

  describe('When getting my information', function () {
    it('Should fail with a non authenticated user', async function () {
      await request(server.url)
              .get(path + 'me')
              .set('Authorization', 'Bearer fake_token')
              .set('Accept', 'application/json')
              .expect(401)
    })

    it('Should success with the correct parameters', async function () {
      await request(server.url)
              .get(path + 'me')
              .set('Authorization', 'Bearer ' + userAccessToken)
              .set('Accept', 'application/json')
              .expect(200)
    })
  })

  describe('When getting my video rating', function () {
    it('Should fail with a non authenticated user', async function () {
      await request(server.url)
              .get(path + 'me/videos/' + videoId + '/rating')
              .set('Authorization', 'Bearer fake_token')
              .set('Accept', 'application/json')
              .expect(401)
    })

    it('Should fail with an incorrect video uuid', async function () {
      await request(server.url)
              .get(path + 'me/videos/blabla/rating')
              .set('Authorization', 'Bearer ' + userAccessToken)
              .set('Accept', 'application/json')
              .expect(400)
    })

    it('Should fail with an unknown video', async function () {
      await request(server.url)
              .get(path + 'me/videos/4da6fde3-88f7-4d16-b119-108df5630b06/rating')
              .set('Authorization', 'Bearer ' + userAccessToken)
              .set('Accept', 'application/json')
              .expect(404)
    })

    it('Should success with the correct parameters', async function () {
      await request(server.url)
              .get(path + 'me/videos/' + videoId + '/rating')
              .set('Authorization', 'Bearer ' + userAccessToken)
              .set('Accept', 'application/json')
              .expect(200)
    })
  })

  describe('When removing an user', function () {
    it('Should fail with an incorrect id', async function () {
      await request(server.url)
              .delete(path + 'bla-bla')
              .set('Authorization', 'Bearer ' + server.accessToken)
              .expect(400)
    })

    it('Should fail with the root user', async function () {
      await request(server.url)
              .delete(path + rootId)
              .set('Authorization', 'Bearer ' + server.accessToken)
              .expect(400)
    })

    it('Should return 404 with a non existing id', async function () {
      await request(server.url)
              .delete(path + '45')
              .set('Authorization', 'Bearer ' + server.accessToken)
              .expect(404)
    })
  })

  describe('When removing an user', function () {
    it('Should fail with an incorrect id', async function () {
      await request(server.url)
              .delete(path + 'bla-bla')
              .set('Authorization', 'Bearer ' + server.accessToken)
              .expect(400)
    })

    it('Should fail with the root user', async function () {
      await request(server.url)
              .delete(path + rootId)
              .set('Authorization', 'Bearer ' + server.accessToken)
              .expect(400)
    })

    it('Should return 404 with a non existing id', async function () {
      await request(server.url)
              .delete(path + '45')
              .set('Authorization', 'Bearer ' + server.accessToken)
              .expect(404)
    })
  })

  describe('When register a new user', function () {
    const registrationPath = path + '/register'

    it('Should fail with a too small username', async function () {
      const fields = {
        username: 'ji',
        email: 'test@example.com',
        password: 'my_super_password'
      }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too long username', async function () {
      const fields = {
        username: 'my_super_username_which_is_very_long',
        email: 'test@example.com',
        password: 'my_super_password'
      }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect username', async function () {
      const fields = {
        username: 'my username',
        email: 'test@example.com',
        password: 'my_super_password'
      }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a missing email', async function () {
      const fields = {
        username: 'ji',
        password: 'my_super_password'
      }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = {
        username: 'my_super_username_which_is_very_long',
        email: 'test_example.com',
        password: 'my_super_password'
      }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too small password', async function () {
      const fields = {
        username: 'my_username',
        email: 'test@example.com',
        password: 'bla'
      }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too long password', async function () {
      const fields = {
        username: 'my_username',
        email: 'test@example.com',
        password: 'my super long password which is very very very very very very very very very very very very very very' +
                  'very very very very very very very very very very very very very very very veryv very very very very' +
                  'very very very very very very very very very very very very very very very very very very very very long'
      }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail if we register a user with the same username', async function () {
      const fields = {
        username: 'root',
        email: 'test@example.com',
        password: 'my super password'
      }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
    })

    it('Should fail if we register a user with the same email', async function () {
      const fields = {
        username: 'my_username',
        email: 'admin1@example.com',
        password: 'my super password'
      }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
    })

    it('Should succeed with the correct params', async function () {
      const fields = {
        username: 'user3',
        email: 'test3@example.com',
        password: 'my super password'
      }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 204 })
    })

    it('Should fail on a server with registration disabled', async function () {
      const fields = {
        username: 'user4',
        email: 'test4@example.com',
        password: 'my super password 4'
      }

      await makePostBodyRequest({
        url: serverWithRegistrationDisabled.url,
        path: registrationPath,
        token: serverWithRegistrationDisabled.accessToken,
        fields,
        statusCodeExpected: 403
      })
    })
  })

  describe('When registering multiple users on a server with users limit', function () {
    it('Should fail when after 3 registrations', async function () {
      await registerUser(server.url, 'user42', 'super password', 403)
    })
  })

  describe('When having a video quota', function () {
    it('Should fail with a user having too many video', async function () {
      const fields = {
        videoQuota: 42
      }

      await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields, statusCodeExpected: 204 })

      const videoAttributes = {}
      await uploadVideo(server.url, server.accessToken, videoAttributes, 403)
    })

    it('Should fail with a registered user having too many video', async function () {
      this.timeout(10000)

      server.user = {
        username: 'user3',
        email: 'test3@example.com',
        password: 'my super password'
      }
      userAccessToken = await loginAndGetAccessToken(server)

      const videoAttributes = { fixture: 'video_short2.webm' }
      await uploadVideo(server.url, userAccessToken, videoAttributes)
      await uploadVideo(server.url, userAccessToken, videoAttributes)
      await uploadVideo(server.url, userAccessToken, videoAttributes)
      await uploadVideo(server.url, userAccessToken, videoAttributes)
      await uploadVideo(server.url, userAccessToken, videoAttributes)
      await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
    })
  })

  after(async function () {
    killallServers([ server, serverWithRegistrationDisabled ])

    // Keep the logs if the test failed
    if (this['ok']) {
      await flushTests()
    }
  })
})