diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2017-10-27 17:27:06 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2017-10-27 17:27:06 +0200 |
commit | 757f0da370a992cf07afd20d3829b2748c76cc15 (patch) | |
tree | df093661b11be5d810e8853712774bf777946609 /server | |
parent | 954605a804da399317ca62afa2fb9244afa11ebf (diff) | |
download | PeerTube-757f0da370a992cf07afd20d3829b2748c76cc15.tar.gz PeerTube-757f0da370a992cf07afd20d3829b2748c76cc15.tar.zst PeerTube-757f0da370a992cf07afd20d3829b2748c76cc15.zip |
Add tests to user roles
Diffstat (limited to 'server')
-rw-r--r-- | server/initializers/migrations/0085-user-role.ts | 1 | ||||
-rw-r--r-- | server/tests/api/check-params/users.ts | 72 | ||||
-rw-r--r-- | server/tests/api/users.ts | 21 | ||||
-rw-r--r-- | server/tests/utils/users.ts | 16 |
4 files changed, 90 insertions, 20 deletions
diff --git a/server/initializers/migrations/0085-user-role.ts b/server/initializers/migrations/0085-user-role.ts index e67c5ca24..de75faec2 100644 --- a/server/initializers/migrations/0085-user-role.ts +++ b/server/initializers/migrations/0085-user-role.ts | |||
@@ -1,5 +1,4 @@ | |||
1 | import * as Sequelize from 'sequelize' | 1 | import * as Sequelize from 'sequelize' |
2 | import * as uuidv4 from 'uuid/v4' | ||
3 | 2 | ||
4 | async function up (utils: { | 3 | async function up (utils: { |
5 | transaction: Sequelize.Transaction, | 4 | transaction: Sequelize.Transaction, |
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index ef78c8262..687999c09 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts | |||
@@ -19,6 +19,7 @@ import { | |||
19 | makePostBodyRequest, | 19 | makePostBodyRequest, |
20 | getUserAccessToken | 20 | getUserAccessToken |
21 | } from '../../utils' | 21 | } from '../../utils' |
22 | import { UserRole } from '../../../../shared' | ||
22 | 23 | ||
23 | describe('Test users API validators', function () { | 24 | describe('Test users API validators', function () { |
24 | const path = '/api/v1/users/' | 25 | const path = '/api/v1/users/' |
@@ -92,6 +93,7 @@ describe('Test users API validators', function () { | |||
92 | username: 'ji', | 93 | username: 'ji', |
93 | email: 'test@example.com', | 94 | email: 'test@example.com', |
94 | password: 'my_super_password', | 95 | password: 'my_super_password', |
96 | role: UserRole.USER, | ||
95 | videoQuota: 42000000 | 97 | videoQuota: 42000000 |
96 | } | 98 | } |
97 | 99 | ||
@@ -103,7 +105,8 @@ describe('Test users API validators', function () { | |||
103 | username: 'my_super_username_which_is_very_long', | 105 | username: 'my_super_username_which_is_very_long', |
104 | email: 'test@example.com', | 106 | email: 'test@example.com', |
105 | password: 'my_super_password', | 107 | password: 'my_super_password', |
106 | videoQuota: 42000000 | 108 | videoQuota: 42000000, |
109 | role: UserRole.USER | ||
107 | } | 110 | } |
108 | 111 | ||
109 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | 112 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) |
@@ -114,7 +117,8 @@ describe('Test users API validators', function () { | |||
114 | username: 'my username', | 117 | username: 'my username', |
115 | email: 'test@example.com', | 118 | email: 'test@example.com', |
116 | password: 'my_super_password', | 119 | password: 'my_super_password', |
117 | videoQuota: 42000000 | 120 | videoQuota: 42000000, |
121 | role: UserRole.USER | ||
118 | } | 122 | } |
119 | 123 | ||
120 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | 124 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) |
@@ -124,7 +128,8 @@ describe('Test users API validators', function () { | |||
124 | const fields = { | 128 | const fields = { |
125 | username: 'ji', | 129 | username: 'ji', |
126 | password: 'my_super_password', | 130 | password: 'my_super_password', |
127 | videoQuota: 42000000 | 131 | videoQuota: 42000000, |
132 | role: UserRole.USER | ||
128 | } | 133 | } |
129 | 134 | ||
130 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | 135 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) |
@@ -135,7 +140,8 @@ describe('Test users API validators', function () { | |||
135 | username: 'my_super_username_which_is_very_long', | 140 | username: 'my_super_username_which_is_very_long', |
136 | email: 'test_example.com', | 141 | email: 'test_example.com', |
137 | password: 'my_super_password', | 142 | password: 'my_super_password', |
138 | videoQuota: 42000000 | 143 | videoQuota: 42000000, |
144 | role: UserRole.USER | ||
139 | } | 145 | } |
140 | 146 | ||
141 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | 147 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) |
@@ -146,7 +152,8 @@ describe('Test users API validators', function () { | |||
146 | username: 'my_username', | 152 | username: 'my_username', |
147 | email: 'test@example.com', | 153 | email: 'test@example.com', |
148 | password: 'bla', | 154 | password: 'bla', |
149 | videoQuota: 42000000 | 155 | videoQuota: 42000000, |
156 | role: UserRole.USER | ||
150 | } | 157 | } |
151 | 158 | ||
152 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | 159 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) |
@@ -159,7 +166,8 @@ describe('Test users API validators', function () { | |||
159 | password: 'my super long password which is very very very very very very very very very very very very very very' + | 166 | password: 'my super long password which is very very very very very very very very very very very very very very' + |
160 | 'very very very very very very very very very very very very very very very veryv very very very very' + | 167 | 'very very very very very very very very very very very very very very very veryv very very very very' + |
161 | 'very very very very very very very very very very very very very very very very very very very very long', | 168 | 'very very very very very very very very very very very very very very very very very very very very long', |
162 | videoQuota: 42000000 | 169 | videoQuota: 42000000, |
170 | role: UserRole.USER | ||
163 | } | 171 | } |
164 | 172 | ||
165 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | 173 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) |
@@ -170,7 +178,8 @@ describe('Test users API validators', function () { | |||
170 | username: 'my_username', | 178 | username: 'my_username', |
171 | email: 'test@example.com', | 179 | email: 'test@example.com', |
172 | password: 'my super password', | 180 | password: 'my super password', |
173 | videoQuota: 42000000 | 181 | videoQuota: 42000000, |
182 | role: UserRole.USER | ||
174 | } | 183 | } |
175 | 184 | ||
176 | await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 }) | 185 | await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 }) |
@@ -181,7 +190,8 @@ describe('Test users API validators', function () { | |||
181 | username: 'user1', | 190 | username: 'user1', |
182 | email: 'test@example.com', | 191 | email: 'test@example.com', |
183 | password: 'my super password', | 192 | password: 'my super password', |
184 | videoQuota: 42000000 | 193 | videoQuota: 42000000, |
194 | role: UserRole.USER | ||
185 | } | 195 | } |
186 | 196 | ||
187 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) | 197 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) |
@@ -192,7 +202,8 @@ describe('Test users API validators', function () { | |||
192 | username: 'my_username', | 202 | username: 'my_username', |
193 | email: 'user1@example.com', | 203 | email: 'user1@example.com', |
194 | password: 'my super password', | 204 | password: 'my super password', |
195 | videoQuota: 42000000 | 205 | videoQuota: 42000000, |
206 | role: UserRole.USER | ||
196 | } | 207 | } |
197 | 208 | ||
198 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) | 209 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) |
@@ -202,7 +213,8 @@ describe('Test users API validators', function () { | |||
202 | const fields = { | 213 | const fields = { |
203 | username: 'my_username', | 214 | username: 'my_username', |
204 | email: 'user1@example.com', | 215 | email: 'user1@example.com', |
205 | password: 'my super password' | 216 | password: 'my super password', |
217 | role: UserRole.USER | ||
206 | } | 218 | } |
207 | 219 | ||
208 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | 220 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) |
@@ -213,7 +225,31 @@ describe('Test users API validators', function () { | |||
213 | username: 'my_username', | 225 | username: 'my_username', |
214 | email: 'user1@example.com', | 226 | email: 'user1@example.com', |
215 | password: 'my super password', | 227 | password: 'my super password', |
216 | videoQuota: -5 | 228 | videoQuota: -5, |
229 | role: UserRole.USER | ||
230 | } | ||
231 | |||
232 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
233 | }) | ||
234 | |||
235 | it('Should fail without a user role', async function () { | ||
236 | const fields = { | ||
237 | username: 'my_username', | ||
238 | email: 'user1@example.com', | ||
239 | password: 'my super password', | ||
240 | videoQuota: 0 | ||
241 | } | ||
242 | |||
243 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
244 | }) | ||
245 | |||
246 | it('Should fail with an invalid user role', async function () { | ||
247 | const fields = { | ||
248 | username: 'my_username', | ||
249 | email: 'user1@example.com', | ||
250 | password: 'my super password', | ||
251 | videoQuota: 0, | ||
252 | role: 88989 | ||
217 | } | 253 | } |
218 | 254 | ||
219 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | 255 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) |
@@ -224,7 +260,8 @@ describe('Test users API validators', function () { | |||
224 | username: 'user2', | 260 | username: 'user2', |
225 | email: 'test@example.com', | 261 | email: 'test@example.com', |
226 | password: 'my super password', | 262 | password: 'my super password', |
227 | videoQuota: -1 | 263 | videoQuota: -1, |
264 | role: UserRole.USER | ||
228 | } | 265 | } |
229 | 266 | ||
230 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) | 267 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) |
@@ -327,6 +364,14 @@ describe('Test users API validators', function () { | |||
327 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | 364 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) |
328 | }) | 365 | }) |
329 | 366 | ||
367 | it('Should fail with an invalid user role attribute', async function () { | ||
368 | const fields = { | ||
369 | role: 54878 | ||
370 | } | ||
371 | |||
372 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
373 | }) | ||
374 | |||
330 | it('Should fail with an non authenticated user', async function () { | 375 | it('Should fail with an non authenticated user', async function () { |
331 | const fields = { | 376 | const fields = { |
332 | videoQuota: 42 | 377 | videoQuota: 42 |
@@ -338,7 +383,8 @@ describe('Test users API validators', function () { | |||
338 | it('Should succeed with the correct params', async function () { | 383 | it('Should succeed with the correct params', async function () { |
339 | const fields = { | 384 | const fields = { |
340 | email: 'email@example.com', | 385 | email: 'email@example.com', |
341 | videoQuota: 42 | 386 | videoQuota: 42, |
387 | role: UserRole.MODERATOR | ||
342 | } | 388 | } |
343 | 389 | ||
344 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 }) | 390 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 }) |
diff --git a/server/tests/api/users.ts b/server/tests/api/users.ts index dbf0801f3..bdef62c46 100644 --- a/server/tests/api/users.ts +++ b/server/tests/api/users.ts | |||
@@ -25,10 +25,12 @@ import { | |||
25 | updateUser, | 25 | updateUser, |
26 | updateMyUser, | 26 | updateMyUser, |
27 | registerUser, | 27 | registerUser, |
28 | removeUser | 28 | removeUser, |
29 | killallServers, | ||
30 | getUserInformation, | ||
31 | getBlacklistedVideosList | ||
29 | } from '../utils' | 32 | } from '../utils' |
30 | import { killallServers } from '../utils/servers' | 33 | import { UserRole } from '../../../shared' |
31 | import { getUserInformation } from '../utils/users' | ||
32 | 34 | ||
33 | describe('Test users', function () { | 35 | describe('Test users', function () { |
34 | let server: ServerInfo | 36 | let server: ServerInfo |
@@ -188,6 +190,7 @@ describe('Test users', function () { | |||
188 | expect(user.email).to.equal('user_1@example.com') | 190 | expect(user.email).to.equal('user_1@example.com') |
189 | expect(user.displayNSFW).to.be.false | 191 | expect(user.displayNSFW).to.be.false |
190 | expect(user.videoQuota).to.equal(2 * 1024 * 1024) | 192 | expect(user.videoQuota).to.equal(2 * 1024 * 1024) |
193 | expect(user.roleLabel).to.equal('User') | ||
191 | expect(user.id).to.be.a('number') | 194 | expect(user.id).to.be.a('number') |
192 | }) | 195 | }) |
193 | 196 | ||
@@ -234,6 +237,7 @@ describe('Test users', function () { | |||
234 | const user = users[0] | 237 | const user = users[0] |
235 | expect(user.username).to.equal('root') | 238 | expect(user.username).to.equal('root') |
236 | expect(user.email).to.equal('admin1@example.com') | 239 | expect(user.email).to.equal('admin1@example.com') |
240 | expect(user.roleLabel).to.equal('Administrator') | ||
237 | expect(user.displayNSFW).to.be.false | 241 | expect(user.displayNSFW).to.be.false |
238 | }) | 242 | }) |
239 | 243 | ||
@@ -319,7 +323,7 @@ describe('Test users', function () { | |||
319 | }) | 323 | }) |
320 | 324 | ||
321 | it('Should be able to update another user', async function () { | 325 | it('Should be able to update another user', async function () { |
322 | await updateUser(server.url, userId, accessToken, 'updated2@example.com', 42) | 326 | await updateUser(server.url, userId, accessToken, 'updated2@example.com', 42, UserRole.MODERATOR) |
323 | 327 | ||
324 | const res = await getUserInformation(server.url, accessToken, userId) | 328 | const res = await getUserInformation(server.url, accessToken, userId) |
325 | const user = res.body | 329 | const user = res.body |
@@ -328,9 +332,18 @@ describe('Test users', function () { | |||
328 | expect(user.email).to.equal('updated2@example.com') | 332 | expect(user.email).to.equal('updated2@example.com') |
329 | expect(user.displayNSFW).to.be.ok | 333 | expect(user.displayNSFW).to.be.ok |
330 | expect(user.videoQuota).to.equal(42) | 334 | expect(user.videoQuota).to.equal(42) |
335 | expect(user.roleLabel).to.equal('Moderator') | ||
331 | expect(user.id).to.be.a('number') | 336 | expect(user.id).to.be.a('number') |
332 | }) | 337 | }) |
333 | 338 | ||
339 | it('Should not be able to delete a user by a moderator', async function () { | ||
340 | await removeUser(server.url, 2, accessTokenUser, 403) | ||
341 | }) | ||
342 | |||
343 | it('Should be able to list video blacklist by a moderator', async function () { | ||
344 | await getBlacklistedVideosList(server.url, accessTokenUser) | ||
345 | }) | ||
346 | |||
334 | it('Should be able to remove this user', async function () { | 347 | it('Should be able to remove this user', async function () { |
335 | await removeUser(server.url, userId, accessToken) | 348 | await removeUser(server.url, userId, accessToken) |
336 | }) | 349 | }) |
diff --git a/server/tests/utils/users.ts b/server/tests/utils/users.ts index e5f3eb1b3..12569dd42 100644 --- a/server/tests/utils/users.ts +++ b/server/tests/utils/users.ts | |||
@@ -1,10 +1,21 @@ | |||
1 | import * as request from 'supertest' | 1 | import * as request from 'supertest' |
2 | 2 | ||
3 | function createUser (url: string, accessToken: string, username: string, password: string, videoQuota = 1000000, specialStatus = 204) { | 3 | import { UserRole } from '../../../shared' |
4 | |||
5 | function createUser ( | ||
6 | url: string, | ||
7 | accessToken: string, | ||
8 | username: string, | ||
9 | password: string, | ||
10 | videoQuota = 1000000, | ||
11 | role: UserRole = UserRole.USER, | ||
12 | specialStatus = 204 | ||
13 | ) { | ||
4 | const path = '/api/v1/users' | 14 | const path = '/api/v1/users' |
5 | const body = { | 15 | const body = { |
6 | username, | 16 | username, |
7 | password, | 17 | password, |
18 | role, | ||
8 | email: username + '@example.com', | 19 | email: username + '@example.com', |
9 | videoQuota | 20 | videoQuota |
10 | } | 21 | } |
@@ -114,12 +125,13 @@ function updateMyUser (url: string, accessToken: string, newPassword: string, di | |||
114 | .expect(204) | 125 | .expect(204) |
115 | } | 126 | } |
116 | 127 | ||
117 | function updateUser (url: string, userId: number, accessToken: string, email: string, videoQuota: number) { | 128 | function updateUser (url: string, userId: number, accessToken: string, email: string, videoQuota: number, role: UserRole) { |
118 | const path = '/api/v1/users/' + userId | 129 | const path = '/api/v1/users/' + userId |
119 | 130 | ||
120 | const toSend = {} | 131 | const toSend = {} |
121 | if (email !== undefined && email !== null) toSend['email'] = email | 132 | if (email !== undefined && email !== null) toSend['email'] = email |
122 | if (videoQuota !== undefined && videoQuota !== null) toSend['videoQuota'] = videoQuota | 133 | if (videoQuota !== undefined && videoQuota !== null) toSend['videoQuota'] = videoQuota |
134 | if (role !== undefined && role !== null) toSend['role'] = role | ||
123 | 135 | ||
124 | return request(url) | 136 | return request(url) |
125 | .put(path) | 137 | .put(path) |