diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2017-11-29 13:18:05 +0100 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2017-11-29 13:18:05 +0100 |
commit | 86d13ec2aa94ec10810ddf9c8b33314bd4968791 (patch) | |
tree | 5c4175325362df2a92e367dc4077e53a700bfbad /server/tests/api/check-params/users.ts | |
parent | 165cdc75bf1942ed687f78094c2bd366839a7c99 (diff) | |
download | PeerTube-86d13ec2aa94ec10810ddf9c8b33314bd4968791.tar.gz PeerTube-86d13ec2aa94ec10810ddf9c8b33314bd4968791.tar.zst PeerTube-86d13ec2aa94ec10810ddf9c8b33314bd4968791.zip |
Users list only available when use is authenticated
And has a special right
Diffstat (limited to 'server/tests/api/check-params/users.ts')
-rw-r--r-- | server/tests/api/check-params/users.ts | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index 578fece49..1e3533bf3 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts | |||
@@ -67,6 +67,7 @@ describe('Test users API validators', function () { | |||
67 | .get(path) | 67 | .get(path) |
68 | .query({ start: 'hello' }) | 68 | .query({ start: 'hello' }) |
69 | .set('Accept', 'application/json') | 69 | .set('Accept', 'application/json') |
70 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
70 | .expect(400) | 71 | .expect(400) |
71 | }) | 72 | }) |
72 | 73 | ||
@@ -75,6 +76,7 @@ describe('Test users API validators', function () { | |||
75 | .get(path) | 76 | .get(path) |
76 | .query({ count: 'hello' }) | 77 | .query({ count: 'hello' }) |
77 | .set('Accept', 'application/json') | 78 | .set('Accept', 'application/json') |
79 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
78 | .expect(400) | 80 | .expect(400) |
79 | }) | 81 | }) |
80 | 82 | ||
@@ -83,8 +85,24 @@ describe('Test users API validators', function () { | |||
83 | .get(path) | 85 | .get(path) |
84 | .query({ sort: 'hello' }) | 86 | .query({ sort: 'hello' }) |
85 | .set('Accept', 'application/json') | 87 | .set('Accept', 'application/json') |
88 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
86 | .expect(400) | 89 | .expect(400) |
87 | }) | 90 | }) |
91 | |||
92 | it('Should fail with a non authenticated user', async function () { | ||
93 | await request(server.url) | ||
94 | .get(path) | ||
95 | .set('Accept', 'application/json') | ||
96 | .expect(401) | ||
97 | }) | ||
98 | |||
99 | it('Should fail with a non admin user', async function () { | ||
100 | await request(server.url) | ||
101 | .get(path) | ||
102 | .set('Accept', 'application/json') | ||
103 | .set('Authorization', 'Bearer ' + userAccessToken) | ||
104 | .expect(403) | ||
105 | }) | ||
88 | }) | 106 | }) |
89 | 107 | ||
90 | describe('When adding a new user', function () { | 108 | describe('When adding a new user', function () { |
@@ -354,7 +372,7 @@ describe('Test users API validators', function () { | |||
354 | describe('When updating a user', function () { | 372 | describe('When updating a user', function () { |
355 | 373 | ||
356 | before(async function () { | 374 | before(async function () { |
357 | const res = await getUsersList(server.url) | 375 | const res = await getUsersList(server.url, server.accessToken) |
358 | 376 | ||
359 | userId = res.body.data[1].id | 377 | userId = res.body.data[1].id |
360 | rootId = res.body.data[2].id | 378 | rootId = res.body.data[2].id |