Merge branch 'master' into webseed-merged

69 files changed, 3158 insertions, 1400 deletions

diff --git a/server/controllers/api/v1/clients.js b/server/controllers/api/v1/clients.js
new file mode 100644
index 000000000..5b460db2e
--- /dev/null
+++ b/server/controllers/api/v1/clients.js
@@ -0,0 +1,41 @@
+'use strict'
+
+const express = require('express')
+const mongoose = require('mongoose')
+
+const constants = require('../../../initializers/constants')
+
+const Client = mongoose.model('OAuthClient')
+
+const router = express.Router()
+
+router.get('/local', getLocalClient)
+
+// Get the client credentials for the PeerTube front end
+function getLocalClient (req, res, next) {
+  const serverHost = constants.CONFIG.WEBSERVER.HOST
+  const serverPort = constants.CONFIG.WEBSERVER.PORT
+  let headerHostShouldBe = serverHost
+  if (serverPort !== 80 && serverPort !== 443) {
+    headerHostShouldBe += ':' + serverPort
+  }
+
+  // Don't make this check if this is a test instance
+  if (process.env.NODE_ENV !== 'test' && req.get('host') !== headerHostShouldBe) {
+    return res.type('json').status(403).end()
+  }
+
+  Client.loadFirstClient(function (err, client) {
+    if (err) return next(err)
+    if (!client) return next(new Error('No client available.'))
+
+    res.json({
+      client_id: client._id,
+      client_secret: client.clientSecret
+    })
+  })
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = router
diff --git a/server/controllers/api/v1/index.js b/server/controllers/api/v1/index.js
index e0c29a8a2..2e4fb2dab 100644
--- a/server/controllers/api/v1/index.js
+++ b/server/controllers/api/v1/index.js
@@ -4,13 +4,17 @@ const express = require('express')
 
 const router = express.Router()
 
+const clientsController = require('./clients')
 const podsController = require('./pods')
 const remoteController = require('./remote')
+const requestsController = require('./requests')
 const usersController = require('./users')
 const videosController = require('./videos')
 
+router.use('/clients', clientsController)
 router.use('/pods', podsController)
 router.use('/remote', remoteController)
+router.use('/requests', requestsController)
 router.use('/users', usersController)
 router.use('/videos', videosController)
 router.use('/*', badRequest)
diff --git a/server/controllers/api/v1/pods.js b/server/controllers/api/v1/pods.js
index 2bc761fef..8ffade578 100644
--- a/server/controllers/api/v1/pods.js
+++ b/server/controllers/api/v1/pods.js
@@ -8,7 +8,10 @@ const waterfall = require('async/waterfall')
 const logger = require('../../../helpers/logger')
 const friends = require('../../../lib/friends')
 const middlewares = require('../../../middlewares')
+const admin = middlewares.admin
 const oAuth = middlewares.oauth
+const podsMiddleware = middlewares.pods
+const checkSignature = middlewares.secure.checkSignature
 const validators = middlewares.validators.pods
 const signatureValidator = middlewares.validators.remote.signature
 
@@ -16,12 +19,30 @@ const router = express.Router()
 const Pod = mongoose.model('Pod')
 const Video = mongoose.model('Video')
 
-router.get('/', listPodsUrl)
-router.post('/', validators.podsAdd, addPods)
-router.get('/makefriends', oAuth.authenticate, validators.makeFriends, makeFriends)
-router.get('/quitfriends', oAuth.authenticate, quitFriends)
+router.get('/', listPods)
+router.post('/',
+  validators.podsAdd,
+  podsMiddleware.setBodyUrlPort,
+  addPods
+)
+router.post('/makefriends',
+  oAuth.authenticate,
+  admin.ensureIsAdmin,
+  validators.makeFriends,
+  podsMiddleware.setBodyUrlsPort,
+  makeFriends
+)
+router.get('/quitfriends',
+  oAuth.authenticate,
+  admin.ensureIsAdmin,
+  quitFriends
+)
 // Post because this is a secured request
-router.post('/remove', signatureValidator, removePods)
+router.post('/remove',
+  signatureValidator,
+  checkSignature,
+  removePods
+)
 
 // ---------------------------------------------------------------------------
 
@@ -64,20 +85,27 @@ function addPods (req, res, next) {
   })
 }
 
-function listPodsUrl (req, res, next) {
-  Pod.listOnlyUrls(function (err, podsUrlList) {
+function listPods (req, res, next) {
+  Pod.list(function (err, podsUrlList) {
     if (err) return next(err)
 
-    res.json(podsUrlList)
+    res.json(getFormatedPods(podsUrlList))
   })
 }
 
 function makeFriends (req, res, next) {
-  friends.makeFriends(function (err) {
-    if (err) return next(err)
+  const urls = req.body.urls
 
-    res.type('json').status(204).end()
+  friends.makeFriends(urls, function (err) {
+    if (err) {
+      logger.error('Could not make friends.', { error: err })
+      return
+    }
+
+    logger.info('Made friends!')
   })
+
+  res.type('json').status(204).end()
 }
 
 function removePods (req, res, next) {
@@ -125,3 +153,15 @@ function quitFriends (req, res, next) {
     res.type('json').status(204).end()
   })
 }
+
+// ---------------------------------------------------------------------------
+
+function getFormatedPods (pods) {
+  const formatedPods = []
+
+  pods.forEach(function (pod) {
+    formatedPods.push(pod.toFormatedJSON())
+  })
+
+  return formatedPods
+}
diff --git a/server/controllers/api/v1/remote.js b/server/controllers/api/v1/remote.js
index f452986b8..a22c5d151 100644
--- a/server/controllers/api/v1/remote.js
+++ b/server/controllers/api/v1/remote.js
@@ -16,6 +16,7 @@ const Video = mongoose.model('Video')
 router.post('/videos',
   validators.signature,
   validators.dataToDecrypt,
+  secureMiddleware.checkSignature,
   secureMiddleware.decryptBody,
   validators.remoteVideos,
   remoteVideos
diff --git a/server/controllers/api/v1/requests.js b/server/controllers/api/v1/requests.js
new file mode 100644
index 000000000..97616424d
--- /dev/null
+++ b/server/controllers/api/v1/requests.js
@@ -0,0 +1,38 @@
+'use strict'
+
+const express = require('express')
+const mongoose = require('mongoose')
+
+const constants = require('../../../initializers/constants')
+const middlewares = require('../../../middlewares')
+const admin = middlewares.admin
+const oAuth = middlewares.oauth
+
+const Request = mongoose.model('Request')
+
+const router = express.Router()
+
+router.get('/stats',
+  oAuth.authenticate,
+  admin.ensureIsAdmin,
+  getStatsRequests
+)
+
+// ---------------------------------------------------------------------------
+
+module.exports = router
+
+// ---------------------------------------------------------------------------
+
+function getStatsRequests (req, res, next) {
+  Request.list(function (err, requests) {
+    if (err) return next(err)
+
+    return res.json({
+      requests: requests,
+      maxRequestsInParallel: constants.REQUESTS_IN_PARALLEL,
+      remainingMilliSeconds: Request.remainingMilliSeconds(),
+      milliSecondsInterval: constants.REQUESTS_INTERVAL
+    })
+  })
+}
diff --git a/server/controllers/api/v1/users.js b/server/controllers/api/v1/users.js
index fbbe6e472..975e25e68 100644
--- a/server/controllers/api/v1/users.js
+++ b/server/controllers/api/v1/users.js
@@ -1,18 +1,59 @@
 'use strict'
 
-const config = require('config')
-const mongoose = require('mongoose')
+const each = require('async/each')
 const express = require('express')
+const mongoose = require('mongoose')
+const waterfall = require('async/waterfall')
 
-const oAuth = require('../../../middlewares').oauth
+const constants = require('../../../initializers/constants')
+const friends = require('../../../lib/friends')
+const logger = require('../../../helpers/logger')
+const middlewares = require('../../../middlewares')
+const admin = middlewares.admin
+const oAuth = middlewares.oauth
+const pagination = middlewares.pagination
+const sort = middlewares.sort
+const validatorsPagination = middlewares.validators.pagination
+const validatorsSort = middlewares.validators.sort
+const validatorsUsers = middlewares.validators.users
 
-const Client = mongoose.model('OAuthClient')
+const User = mongoose.model('User')
+const Video = mongoose.model('Video')
 
 const router = express.Router()
 
-router.get('/client', getAngularClient)
+router.get('/me', oAuth.authenticate, getUserInformation)
+
+router.get('/',
+  validatorsPagination.pagination,
+  validatorsSort.usersSort,
+  sort.setUsersSort,
+  pagination.setPagination,
+  listUsers
+)
+
+router.post('/',
+  oAuth.authenticate,
+  admin.ensureIsAdmin,
+  validatorsUsers.usersAdd,
+  createUser
+)
+
+router.put('/:id',
+  oAuth.authenticate,
+  validatorsUsers.usersUpdate,
+  updateUser
+)
+
+router.delete('/:id',
+  oAuth.authenticate,
+  admin.ensureIsAdmin,
+  validatorsUsers.usersRemove,
+  removeUser
+)
+
 router.post('/token', oAuth.token, success)
-// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged,, implement revoke token route
+// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
 
 // ---------------------------------------------------------------------------
 
@@ -20,26 +61,91 @@ module.exports = router
 
 // ---------------------------------------------------------------------------
 
-function getAngularClient (req, res, next) {
-  const serverHost = config.get('webserver.host')
-  const serverPort = config.get('webserver.port')
-  let headerHostShouldBe = serverHost
-  if (serverPort !== 80 && serverPort !== 443) {
-    headerHostShouldBe += ':' + serverPort
-  }
+function createUser (req, res, next) {
+  const user = new User({
+    username: req.body.username,
+    password: req.body.password,
+    role: constants.USER_ROLES.USER
+  })
 
-  // Don't make this check if this is a test instance
-  if (process.env.NODE_ENV !== 'test' && req.get('host') !== headerHostShouldBe) {
-    return res.type('json').status(403).end()
-  }
+  user.save(function (err, createdUser) {
+    if (err) return next(err)
 
-  Client.loadFirstClient(function (err, client) {
+    return res.type('json').status(204).end()
+  })
+}
+
+function getUserInformation (req, res, next) {
+  User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
     if (err) return next(err)
-    if (!client) return next(new Error('No client available.'))
 
-    res.json({
-      client_id: client._id,
-      client_secret: client.clientSecret
+    return res.json(user.toFormatedJSON())
+  })
+}
+
+function listUsers (req, res, next) {
+  User.listForApi(req.query.start, req.query.count, req.query.sort, function (err, usersList, usersTotal) {
+    if (err) return next(err)
+
+    res.json(getFormatedUsers(usersList, usersTotal))
+  })
+}
+
+function removeUser (req, res, next) {
+  waterfall([
+    function getUser (callback) {
+      User.loadById(req.params.id, callback)
+    },
+
+    function getVideos (user, callback) {
+      Video.listOwnedByAuthor(user.username, function (err, videos) {
+        return callback(err, user, videos)
+      })
+    },
+
+    function removeVideosFromDB (user, videos, callback) {
+      each(videos, function (video, callbackEach) {
+        video.remove(callbackEach)
+      }, function (err) {
+        return callback(err, user, videos)
+      })
+    },
+
+    function sendInformationToFriends (user, videos, callback) {
+      videos.forEach(function (video) {
+        const params = {
+          name: video.name,
+          magnetUri: video.magnetUri
+        }
+
+        friends.removeVideoToFriends(params)
+      })
+
+      return callback(null, user)
+    },
+
+    function removeUserFromDB (user, callback) {
+      user.remove(callback)
+    }
+  ], function andFinally (err) {
+    if (err) {
+      logger.error('Errors when removed the user.', { error: err })
+      return next(err)
+    }
+
+    return res.sendStatus(204)
+  })
+}
+
+function updateUser (req, res, next) {
+  User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
+    if (err) return next(err)
+
+    user.password = req.body.password
+    user.save(function (err) {
+      if (err) return next(err)
+
+      return res.sendStatus(204)
     })
   })
 }
@@ -47,3 +153,18 @@ function getAngularClient (req, res, next) {
 function success (req, res, next) {
   res.end()
 }
+
+// ---------------------------------------------------------------------------
+
+function getFormatedUsers (users, usersTotal) {
+  const formatedUsers = []
+
+  users.forEach(function (user) {
+    formatedUsers.push(user.toFormatedJSON())
+  })
+
+  return {
+    total: usersTotal,
+    data: formatedUsers
+  }
+}
diff --git a/server/controllers/api/v1/videos.js b/server/controllers/api/v1/videos.js
index 1f939b077..70d22f139 100644
--- a/server/controllers/api/v1/videos.js
+++ b/server/controllers/api/v1/videos.js
@@ -1,11 +1,11 @@
 'use strict'
 
-const config = require('config')
 const express = require('express')
 const mongoose = require('mongoose')
 const multer = require('multer')
 const waterfall = require('async/waterfall')
 
+const constants = require('../../../initializers/constants')
 const logger = require('../../../helpers/logger')
 const friends = require('../../../lib/friends')
 const middlewares = require('../../../middlewares')
@@ -20,13 +20,12 @@ const sort = middlewares.sort
 const utils = require('../../../helpers/utils')
 
 const router = express.Router()
-const uploads = config.get('storage.uploads')
 const Video = mongoose.model('Video')
 
 // multer configuration
 const storage = multer.diskStorage({
   destination: function (req, file, cb) {
-    cb(null, uploads)
+    cb(null, constants.CONFIG.STORAGE.UPLOAD_DIR)
   },
 
   filename: function (req, file, cb) {
@@ -142,7 +141,7 @@ function getVideo (req, res, next) {
 }
 
 function listVideos (req, res, next) {
-  Video.list(req.query.start, req.query.count, req.query.sort, function (err, videosList, videosTotal) {
+  Video.listForApi(req.query.start, req.query.count, req.query.sort, function (err, videosList, videosTotal) {
     if (err) return next(err)
 
     res.json(getFormatedVideos(videosList, videosTotal))
diff --git a/server/helpers/custom-validators/index.js b/server/helpers/custom-validators/index.js
new file mode 100644
index 000000000..96b5b20b9
--- /dev/null
+++ b/server/helpers/custom-validators/index.js
@@ -0,0 +1,17 @@
+'use strict'
+
+const miscValidators = require('./misc')
+const podsValidators = require('./pods')
+const usersValidators = require('./users')
+const videosValidators = require('./videos')
+
+const validators = {
+  misc: miscValidators,
+  pods: podsValidators,
+  users: usersValidators,
+  videos: videosValidators
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = validators
diff --git a/server/helpers/custom-validators/misc.js b/server/helpers/custom-validators/misc.js
new file mode 100644
index 000000000..052726241
--- /dev/null
+++ b/server/helpers/custom-validators/misc.js
@@ -0,0 +1,18 @@
+'use strict'
+
+const miscValidators = {
+  exists,
+  isArray
+}
+
+function exists (value) {
+  return value !== undefined && value !== null
+}
+
+function isArray (value) {
+  return Array.isArray(value)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = miscValidators
diff --git a/server/helpers/custom-validators/pods.js b/server/helpers/custom-validators/pods.js
new file mode 100644
index 000000000..40f8b5d0b
--- /dev/null
+++ b/server/helpers/custom-validators/pods.js
@@ -0,0 +1,21 @@
+'use strict'
+
+const validator = require('express-validator').validator
+
+const miscValidators = require('./misc')
+
+const podsValidators = {
+  isEachUniqueUrlValid
+}
+
+function isEachUniqueUrlValid (urls) {
+  return miscValidators.isArray(urls) &&
+    urls.length !== 0 &&
+    urls.every(function (url) {
+      return validator.isURL(url) && urls.indexOf(url) === urls.lastIndexOf(url)
+    })
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = podsValidators
diff --git a/server/helpers/custom-validators/users.js b/server/helpers/custom-validators/users.js
new file mode 100644
index 000000000..88fa1592e
--- /dev/null
+++ b/server/helpers/custom-validators/users.js
@@ -0,0 +1,31 @@
+'use strict'
+
+const validator = require('express-validator').validator
+const values = require('lodash/values')
+
+const constants = require('../../initializers/constants')
+const USERS_CONSTRAINTS_FIELDS = constants.CONSTRAINTS_FIELDS.USERS
+
+const usersValidators = {
+  isUserPasswordValid,
+  isUserRoleValid,
+  isUserUsernameValid
+}
+
+function isUserPasswordValid (value) {
+  return validator.isLength(value, USERS_CONSTRAINTS_FIELDS.PASSWORD)
+}
+
+function isUserRoleValid (value) {
+  return values(constants.USER_ROLES).indexOf(value) !== -1
+}
+
+function isUserUsernameValid (value) {
+  const max = USERS_CONSTRAINTS_FIELDS.USERNAME.max
+  const min = USERS_CONSTRAINTS_FIELDS.USERNAME.min
+  return validator.matches(value, new RegExp(`^[a-zA-Z0-9._]{${min},${max}}$`))
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = usersValidators
diff --git a/server/helpers/custom-validators.js b/server/helpers/custom-validators/videos.js
index b666644c0..a507ff686 100644
--- a/server/helpers/custom-validators.js
+++ b/server/helpers/custom-validators/videos.js
@@ -2,66 +2,51 @@
 
 const validator = require('express-validator').validator
 
-const constants = require('../initializers/constants')
-const VIDEOS_CONSTRAINTS_FIELDS = constants.VIDEOS_CONSTRAINTS_FIELDS
-
-const customValidators = {
-  exists: exists,
-  isEachRemoteVideosValid: isEachRemoteVideosValid,
-  isArray: isArray,
-  isVideoAuthorValid: isVideoAuthorValid,
-  isVideoDateValid: isVideoDateValid,
-  isVideoDescriptionValid: isVideoDescriptionValid,
-  isVideoDurationValid: isVideoDurationValid,
-  isVideoMagnetUriValid: isVideoMagnetUriValid,
-  isVideoNameValid: isVideoNameValid,
-  isVideoPodUrlValid: isVideoPodUrlValid,
-  isVideoTagsValid: isVideoTagsValid,
-  isVideoThumbnailValid: isVideoThumbnailValid,
-  isVideoThumbnail64Valid: isVideoThumbnail64Valid
-}
-
-function exists (value) {
-  return value !== undefined && value !== null
+const constants = require('../../initializers/constants')
+const usersValidators = require('./users')
+const miscValidators = require('./misc')
+const VIDEOS_CONSTRAINTS_FIELDS = constants.CONSTRAINTS_FIELDS.VIDEOS
+
+const videosValidators = {
+  isEachRemoteVideosValid,
+  isVideoAuthorValid,
+  isVideoDateValid,
+  isVideoDescriptionValid,
+  isVideoDurationValid,
+  isVideoMagnetUriValid,
+  isVideoNameValid,
+  isVideoPodUrlValid,
+  isVideoTagsValid,
+  isVideoThumbnailValid,
+  isVideoThumbnail64Valid
 }
 
 function isEachRemoteVideosValid (requests) {
-  return requests.every(function (request) {
-    const video = request.data
-    return (
-      isRequestTypeAddValid(request.type) &&
-      isVideoAuthorValid(video.author) &&
-      isVideoDateValid(video.createdDate) &&
-      isVideoDescriptionValid(video.description) &&
-      isVideoDurationValid(video.duration) &&
-      isVideoMagnetUriValid(video.magnetUri) &&
-      isVideoNameValid(video.name) &&
-      isVideoPodUrlValid(video.podUrl) &&
-      isVideoTagsValid(video.tags) &&
-      isVideoThumbnail64Valid(video.thumbnailBase64)
-    ) ||
-    (
-      isRequestTypeRemoveValid(request.type) &&
-      isVideoNameValid(video.name) &&
-      isVideoMagnetUriValid(video.magnetUri)
-    )
-  })
-}
-
-function isArray (value) {
-  return Array.isArray(value)
-}
-
-function isRequestTypeAddValid (value) {
-  return value === 'add'
-}
-
-function isRequestTypeRemoveValid (value) {
-  return value === 'remove'
+  return miscValidators.isArray(requests) &&
+    requests.every(function (request) {
+      const video = request.data
+      return (
+        isRequestTypeAddValid(request.type) &&
+        isVideoAuthorValid(video.author) &&
+        isVideoDateValid(video.createdDate) &&
+        isVideoDescriptionValid(video.description) &&
+        isVideoDurationValid(video.duration) &&
+        isVideoMagnetUriValid(video.magnetUri) &&
+        isVideoNameValid(video.name) &&
+        isVideoPodUrlValid(video.podUrl) &&
+        isVideoTagsValid(video.tags) &&
+        isVideoThumbnail64Valid(video.thumbnailBase64)
+      ) ||
+      (
+        isRequestTypeRemoveValid(request.type) &&
+        isVideoNameValid(video.name) &&
+        isVideoMagnetUriValid(video.magnetUri)
+      )
+    })
 }
 
 function isVideoAuthorValid (value) {
-  return validator.isLength(value, VIDEOS_CONSTRAINTS_FIELDS.AUTHOR)
+  return usersValidators.isUserUsernameValid(value)
 }
 
 function isVideoDateValid (value) {
@@ -90,7 +75,7 @@ function isVideoPodUrlValid (value) {
 }
 
 function isVideoTagsValid (tags) {
-  return isArray(tags) &&
+  return miscValidators.isArray(tags) &&
          validator.isInt(tags.length, VIDEOS_CONSTRAINTS_FIELDS.TAGS) &&
          tags.every(function (tag) {
            return validator.isAlphanumeric(tag) &&
@@ -109,6 +94,14 @@ function isVideoThumbnail64Valid (value) {
 
 // ---------------------------------------------------------------------------
 
-module.exports = customValidators
+module.exports = videosValidators
 
 // ---------------------------------------------------------------------------
+
+function isRequestTypeAddValid (value) {
+  return value === 'add'
+}
+
+function isRequestTypeRemoveValid (value) {
+  return value === 'remove'
+}
diff --git a/server/helpers/logger.js b/server/helpers/logger.js
index 8ae90a4b2..590ceaeb6 100644
--- a/server/helpers/logger.js
+++ b/server/helpers/logger.js
@@ -1,23 +1,23 @@
 // Thanks http://tostring.it/2014/06/23/advanced-logging-with-nodejs/
 'use strict'
 
-const config = require('config')
 const mkdirp = require('mkdirp')
 const path = require('path')
 const winston = require('winston')
 winston.emitErrs = true
 
-const logDir = path.join(__dirname, '..', '..', config.get('storage.logs'))
-const label = config.get('webserver.host') + ':' + config.get('webserver.port')
+const constants = require('../initializers/constants')
+
+const label = constants.CONFIG.WEBSERVER.HOST + ':' + constants.CONFIG.WEBSERVER.PORT
 
 // Create the directory if it does not exist
-mkdirp.sync(logDir)
+mkdirp.sync(constants.CONFIG.STORAGE.LOG_DIR)
 
 const logger = new winston.Logger({
   transports: [
     new winston.transports.File({
       level: 'debug',
-      filename: path.join(logDir, 'all-logs.log'),
+      filename: path.join(constants.CONFIG.STORAGE.LOG_DIR, 'all-logs.log'),
       handleExceptions: true,
       json: true,
       maxsize: 5242880,
diff --git a/server/helpers/peertube-crypto.js b/server/helpers/peertube-crypto.js
index 46dff8d03..1ff638b04 100644
--- a/server/helpers/peertube-crypto.js
+++ b/server/helpers/peertube-crypto.js
@@ -1,24 +1,24 @@
 'use strict'
 
-const config = require('config')
+const bcrypt = require('bcrypt')
 const crypto = require('crypto')
 const fs = require('fs')
 const openssl = require('openssl-wrapper')
-const path = require('path')
 const ursa = require('ursa')
 
+const constants = require('../initializers/constants')
 const logger = require('./logger')
 
-const certDir = path.join(__dirname, '..', '..', config.get('storage.certs'))
 const algorithm = 'aes-256-ctr'
 
 const peertubeCrypto = {
-  checkSignature: checkSignature,
-  createCertsIfNotExist: createCertsIfNotExist,
-  decrypt: decrypt,
-  encrypt: encrypt,
-  getCertDir: getCertDir,
-  sign: sign
+  checkSignature,
+  comparePassword,
+  createCertsIfNotExist,
+  cryptPassword,
+  decrypt,
+  encrypt,
+  sign
 }
 
 function checkSignature (publicKey, rawData, hexSignature) {
@@ -27,6 +27,14 @@ function checkSignature (publicKey, rawData, hexSignature) {
   return isValid
 }
 
+function comparePassword (plainPassword, hashPassword, callback) {
+  bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
+    if (err) return callback(err)
+
+    return callback(null, isPasswordMatch)
+  })
+}
+
 function createCertsIfNotExist (callback) {
   certsExist(function (exist) {
     if (exist === true) {
@@ -39,8 +47,18 @@ function createCertsIfNotExist (callback) {
   })
 }
 
+function cryptPassword (password, callback) {
+  bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
+    if (err) return callback(err)
+
+    bcrypt.hash(password, salt, function (err, hash) {
+      return callback(err, hash)
+    })
+  })
+}
+
 function decrypt (key, data, callback) {
-  fs.readFile(getCertDir() + 'peertube.key.pem', function (err, file) {
+  fs.readFile(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (err, file) {
     if (err) return callback(err)
 
     const myPrivateKey = ursa.createPrivateKey(file)
@@ -67,12 +85,8 @@ function encrypt (publicKey, data, callback) {
   })
 }
 
-function getCertDir () {
-  return certDir
-}
-
 function sign (data) {
-  const myKey = ursa.createPrivateKey(fs.readFileSync(certDir + 'peertube.key.pem'))
+  const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'))
   const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')
 
   return signature
@@ -85,7 +99,7 @@ module.exports = peertubeCrypto
 // ---------------------------------------------------------------------------
 
 function certsExist (callback) {
-  fs.exists(certDir + 'peertube.key.pem', function (exists) {
+  fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
     return callback(exists)
   })
 }
@@ -99,15 +113,25 @@ function createCerts (callback) {
     }
 
     logger.info('Generating a RSA key...')
-    openssl.exec('genrsa', { 'out': certDir + 'peertube.key.pem', '2048': false }, function (err) {
+
+    let options = {
+      'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
+      '2048': false
+    }
+    openssl.exec('genrsa', options, function (err) {
       if (err) {
         logger.error('Cannot create private key on this pod.')
         return callback(err)
       }
       logger.info('RSA key generated.')
 
+      options = {
+        'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
+        'pubout': true,
+        'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
+      }
       logger.info('Manage public key...')
-      openssl.exec('rsa', { 'in': certDir + 'peertube.key.pem', 'pubout': true, 'out': certDir + 'peertube.pub' }, function (err) {
+      openssl.exec('rsa', options, function (err) {
         if (err) {
           logger.error('Cannot create public key on this pod.')
           return callback(err)
diff --git a/server/helpers/requests.js b/server/helpers/requests.js
index 547230adc..95775c981 100644
--- a/server/helpers/requests.js
+++ b/server/helpers/requests.js
@@ -1,19 +1,14 @@
 'use strict'
 
-const config = require('config')
 const replay = require('request-replay')
 const request = require('request')
 
 const constants = require('../initializers/constants')
 const peertubeCrypto = require('./peertube-crypto')
 
-const http = config.get('webserver.https') ? 'https' : 'http'
-const host = config.get('webserver.host')
-const port = config.get('webserver.port')
-
 const requests = {
-  makeRetryRequest: makeRetryRequest,
-  makeSecureRequest: makeSecureRequest
+  makeRetryRequest,
+  makeSecureRequest
 }
 
 function makeRetryRequest (params, callback) {
@@ -29,8 +24,6 @@ function makeRetryRequest (params, callback) {
 }
 
 function makeSecureRequest (params, callback) {
-  const myUrl = http + '://' + host + ':' + port
-
   const requestParams = {
     url: params.toPod.url + params.path
   }
@@ -42,8 +35,8 @@ function makeSecureRequest (params, callback) {
     // Add signature if it is specified in the params
     if (params.sign === true) {
       requestParams.json.signature = {
-        url: myUrl,
-        signature: peertubeCrypto.sign(myUrl)
+        url: constants.CONFIG.WEBSERVER.URL,
+        signature: peertubeCrypto.sign(constants.CONFIG.WEBSERVER.URL)
       }
     }
 
diff --git a/server/helpers/utils.js b/server/helpers/utils.js
index a77116e08..9c2d402e3 100644
--- a/server/helpers/utils.js
+++ b/server/helpers/utils.js
@@ -5,8 +5,8 @@ const crypto = require('crypto')
 const logger = require('./logger')
 
 const utils = {
-  cleanForExit: cleanForExit,
-  generateRandomString: generateRandomString
+  cleanForExit,
+  generateRandomString
 }
 
 function generateRandomString (size, callback) {
diff --git a/server/initializers/checker.js b/server/initializers/checker.js
index 3831efb8d..91fbcfaf9 100644
--- a/server/initializers/checker.js
+++ b/server/initializers/checker.js
@@ -7,9 +7,9 @@ const Client = mongoose.model('OAuthClient')
 const User = mongoose.model('User')
 
 const checker = {
-  checkConfig: checkConfig,
-  clientsExist: clientsExist,
-  usersExist: usersExist
+  checkConfig,
+  clientsExist,
+  usersExist
 }
 
 // Check the config files
@@ -17,8 +17,8 @@ function checkConfig () {
   const required = [ 'listen.port',
     'webserver.https', 'webserver.host', 'webserver.port',
     'database.host', 'database.port', 'database.suffix',
-    'storage.certs', 'storage.uploads', 'storage.logs',
-    'network.friends', 'electron.debug' ]
+    'storage.certs', 'storage.uploads', 'storage.logs', 'storage.thumbnails',
+    'electron.debug' ]
   const miss = []
 
   for (const key of required) {
@@ -39,10 +39,10 @@ function clientsExist (callback) {
 }
 
 function usersExist (callback) {
-  User.list(function (err, users) {
+  User.countTotal(function (err, totalUsers) {
     if (err) return callback(err)
 
-    return callback(null, users.length !== 0)
+    return callback(null, totalUsers !== 0)
   })
 }
 
diff --git a/server/initializers/constants.js b/server/initializers/constants.js
index e0ea188af..be2e3e943 100644
--- a/server/initializers/constants.js
+++ b/server/initializers/constants.js
@@ -1,24 +1,103 @@
 'use strict'
 
-// API version of our pod
+const config = require('config')
+const path = require('path')
+
+// ---------------------------------------------------------------------------
+
+// API version
 const API_VERSION = 'v1'
 
-// Score a pod has when we create it as a friend
-const FRIEND_SCORE = {
-  BASE: 100,
-  MAX: 1000
+// Number of results by default for the pagination
+const PAGINATION_COUNT_DEFAULT = 15
+
+// Sortable columns per schema
+const SEARCHABLE_COLUMNS = {
+  VIDEOS: [ 'name', 'magnetUri', 'podUrl', 'author', 'tags' ]
 }
 
-// Time to wait between requests to the friends (10 min)
-let INTERVAL = 600000
+// Sortable columns per schema
+const SORTABLE_COLUMNS = {
+  USERS: [ 'username', '-username', 'createdDate', '-createdDate' ],
+  VIDEOS: [ 'name', '-name', 'duration', '-duration', 'createdDate', '-createdDate' ]
+}
 
 const OAUTH_LIFETIME = {
   ACCESS_TOKEN: 3600 * 4, // 4 hours
   REFRESH_TOKEN: 1209600 // 2 weeks
 }
 
-// Number of results by default for the pagination
-const PAGINATION_COUNT_DEFAULT = 15
+// ---------------------------------------------------------------------------
+
+const CONFIG = {
+  DATABASE: {
+    DBNAME: 'peertube' + config.get('database.suffix'),
+    HOST: config.get('database.host'),
+    PORT: config.get('database.port')
+  },
+  ELECTRON: {
+    DEBUG: config.get('electron.debug')
+  },
+  STORAGE: {
+    CERT_DIR: path.join(__dirname, '..', '..', config.get('storage.certs')),
+    LOG_DIR: path.join(__dirname, '..', '..', config.get('storage.logs')),
+    UPLOAD_DIR: path.join(__dirname, '..', '..', config.get('storage.uploads')),
+    THUMBNAILS_DIR: path.join(__dirname, '..', '..', config.get('storage.thumbnails'))
+  },
+  WEBSERVER: {
+    SCHEME: config.get('webserver.https') === true ? 'https' : 'http',
+    HOST: config.get('webserver.host'),
+    PORT: config.get('webserver.port')
+  }
+}
+CONFIG.WEBSERVER.URL = CONFIG.WEBSERVER.SCHEME + '://' + CONFIG.WEBSERVER.HOST + ':' + CONFIG.WEBSERVER.PORT
+
+// ---------------------------------------------------------------------------
+
+const CONSTRAINTS_FIELDS = {
+  USERS: {
+    USERNAME: { min: 3, max: 20 }, // Length
+    PASSWORD: { min: 6, max: 255 } // Length
+  },
+  VIDEOS: {
+    NAME: { min: 3, max: 50 }, // Length
+    DESCRIPTION: { min: 3, max: 250 }, // Length
+    MAGNET_URI: { min: 10 }, // Length
+    DURATION: { min: 1, max: 7200 }, // Number
+    TAGS: { min: 1, max: 3 }, // Number of total tags
+    TAG: { min: 2, max: 10 }, // Length
+    THUMBNAIL: { min: 2, max: 30 },
+    THUMBNAIL64: { min: 0, max: 20000 } // Bytes
+  }
+}
+
+// ---------------------------------------------------------------------------
+
+// Score a pod has when we create it as a friend
+const FRIEND_SCORE = {
+  BASE: 100,
+  MAX: 1000
+}
+
+// ---------------------------------------------------------------------------
+
+const MONGO_MIGRATION_SCRIPTS = [
+  {
+    script: '0005-create-application',
+    version: 5
+  },
+  {
+    script: '0010-users-password',
+    version: 10
+  },
+  {
+    script: '0015-admin-role',
+    version: 15
+  }
+]
+const LAST_MONGO_SCHEMA_VERSION = 15
+
+// ---------------------------------------------------------------------------
 
 // Number of points we add/remove from a friend after a successful/bad request
 const PODS_SCORE = {
@@ -26,28 +105,22 @@ const PODS_SCORE = {
   BONUS: 10
 }
 
+// Time to wait between requests to the friends (10 min)
+let REQUESTS_INTERVAL = 600000
+
 // Number of requests in parallel we can make
 const REQUESTS_IN_PARALLEL = 10
 
-// How many requests we put in request (request scheduler)
+// How many requests we put in request
 const REQUESTS_LIMIT = 10
 
 // Number of requests to retry for replay requests module
 const RETRY_REQUESTS = 5
 
-// Sortable columns per schema
-const SEARCHABLE_COLUMNS = {
-  VIDEOS: [ 'name', 'magnetUri', 'podUrl', 'author', 'tags' ]
-}
-
-// Seeds in parallel we send to electron when "seed all"
-// Once a video is in seeding state we seed another video etc
-const SEEDS_IN_PARALLEL = 3
+// ---------------------------------------------------------------------------
 
-// Sortable columns per schema
-const SORTABLE_COLUMNS = {
-  VIDEOS: [ 'name', '-name', 'duration', '-duration', 'createdDate', '-createdDate' ]
-}
+// Password encryption
+const BCRYPT_SALT_SIZE = 10
 
 // Express static paths (router)
 const STATIC_PATHS = {
@@ -59,43 +132,47 @@ const STATIC_PATHS = {
 // Videos thumbnail size
 const THUMBNAILS_SIZE = '200x110'
 
-const VIDEOS_CONSTRAINTS_FIELDS = {
-  NAME: { min: 3, max: 50 }, // Length
-  DESCRIPTION: { min: 3, max: 250 }, // Length
-  MAGNET_URI: { min: 10 }, // Length
-  DURATION: { min: 1, max: 7200 }, // Number
-  AUTHOR: { min: 3, max: 20 }, // Length
-  TAGS: { min: 1, max: 3 }, // Number of total tags
-  TAG: { min: 2, max: 10 }, // Length
-  THUMBNAIL: { min: 2, max: 30 },
-  THUMBNAIL64: { min: 0, max: 20000 } // Bytes
+const USER_ROLES = {
+  ADMIN: 'admin',
+  USER: 'user'
 }
 
+// Seeds in parallel we send to electron when "seed all"
+// Once a video is in seeding state we seed another video etc
+const SEEDS_IN_PARALLEL = 3
+
+// ---------------------------------------------------------------------------
+
 // Special constants for a test instance
 if (isTestInstance() === true) {
+  CONSTRAINTS_FIELDS.VIDEOS.DURATION.max = 14
   FRIEND_SCORE.BASE = 20
-  INTERVAL = 10000
-  VIDEOS_CONSTRAINTS_FIELDS.DURATION.max = 14
+  REQUESTS_INTERVAL = 10000
 }
 
 // ---------------------------------------------------------------------------
 
 module.exports = {
-  API_VERSION: API_VERSION,
-  FRIEND_SCORE: FRIEND_SCORE,
-  INTERVAL: INTERVAL,
-  OAUTH_LIFETIME: OAUTH_LIFETIME,
-  PAGINATION_COUNT_DEFAULT: PAGINATION_COUNT_DEFAULT,
-  PODS_SCORE: PODS_SCORE,
-  REQUESTS_IN_PARALLEL: REQUESTS_IN_PARALLEL,
-  REQUESTS_LIMIT: REQUESTS_LIMIT,
-  RETRY_REQUESTS: RETRY_REQUESTS,
-  SEARCHABLE_COLUMNS: SEARCHABLE_COLUMNS,
-  SEEDS_IN_PARALLEL: SEEDS_IN_PARALLEL,
-  SORTABLE_COLUMNS: SORTABLE_COLUMNS,
-  STATIC_PATHS: STATIC_PATHS,
-  THUMBNAILS_SIZE: THUMBNAILS_SIZE,
-  VIDEOS_CONSTRAINTS_FIELDS: VIDEOS_CONSTRAINTS_FIELDS
+  API_VERSION,
+  BCRYPT_SALT_SIZE,
+  CONFIG,
+  CONSTRAINTS_FIELDS,
+  FRIEND_SCORE,
+  LAST_MONGO_SCHEMA_VERSION,
+  MONGO_MIGRATION_SCRIPTS,
+  OAUTH_LIFETIME,
+  PAGINATION_COUNT_DEFAULT,
+  PODS_SCORE,
+  REQUESTS_IN_PARALLEL,
+  REQUESTS_INTERVAL,
+  REQUESTS_LIMIT,
+  RETRY_REQUESTS,
+  SEARCHABLE_COLUMNS,
+  SEEDS_IN_PARALLEL,
+  SORTABLE_COLUMNS,
+  STATIC_PATHS,
+  THUMBNAILS_SIZE,
+  USER_ROLES
 }
 
 // ---------------------------------------------------------------------------
diff --git a/server/initializers/database.js b/server/initializers/database.js
index 8626895ee..45c8a240d 100644
--- a/server/initializers/database.js
+++ b/server/initializers/database.js
@@ -1,30 +1,27 @@
 'use strict'
 
-const config = require('config')
 const mongoose = require('mongoose')
 
+const constants = require('../initializers/constants')
 const logger = require('../helpers/logger')
 
 // Bootstrap models
+require('../models/application')
+require('../models/oauth-token')
 require('../models/user')
 require('../models/oauth-client')
-require('../models/oauth-token')
 require('../models/pods')
 require('../models/video')
 // Request model needs Video model
 require('../models/request')
 
-const dbname = 'peertube' + config.get('database.suffix')
-const host = config.get('database.host')
-const port = config.get('database.port')
-
 const database = {
   connect: connect
 }
 
 function connect () {
   mongoose.Promise = global.Promise
-  mongoose.connect('mongodb://' + host + ':' + port + '/' + dbname)
+  mongoose.connect('mongodb://' + constants.CONFIG.DATABASE.HOST + ':' + constants.CONFIG.DATABASE.PORT + '/' + constants.CONFIG.DATABASE.DBNAME)
   mongoose.connection.on('error', function () {
     throw new Error('Mongodb connection error.')
   })
diff --git a/server/initializers/installer.js b/server/initializers/installer.js
index 32830d4da..1df300ba8 100644
--- a/server/initializers/installer.js
+++ b/server/initializers/installer.js
@@ -9,14 +9,16 @@ const path = require('path')
 const series = require('async/series')
 
 const checker = require('./checker')
+const constants = require('./constants')
 const logger = require('../helpers/logger')
 const peertubeCrypto = require('../helpers/peertube-crypto')
 
+const Application = mongoose.model('Application')
 const Client = mongoose.model('OAuthClient')
 const User = mongoose.model('User')
 
 const installer = {
-  installApplication: installApplication
+  installApplication
 }
 
 function installApplication (callback) {
@@ -34,7 +36,7 @@ function installApplication (callback) {
     },
 
     function createOAuthUser (callbackAsync) {
-      createOAuthUserIfNotExist(callbackAsync)
+      createOAuthAdminIfNotExist(callbackAsync)
     }
   ], callback)
 }
@@ -80,7 +82,7 @@ function createOAuthClientIfNotExist (callback) {
   })
 }
 
-function createOAuthUserIfNotExist (callback) {
+function createOAuthAdminIfNotExist (callback) {
   checker.usersExist(function (err, exist) {
     if (err) return callback(err)
 
@@ -90,6 +92,7 @@ function createOAuthUserIfNotExist (callback) {
     logger.info('Creating the administrator.')
 
     const username = 'root'
+    const role = constants.USER_ROLES.ADMIN
     let password = ''
 
     // Do not generate a random password for tests
@@ -104,17 +107,20 @@ function createOAuthUserIfNotExist (callback) {
     }
 
     const user = new User({
-      username: username,
-      password: password
+      username,
+      password,
+      role
     })
 
     user.save(function (err, createdUser) {
       if (err) return callback(err)
 
-      logger.info('Username: ' + createdUser.username)
-      logger.info('User password: ' + createdUser.password)
+      logger.info('Username: ' + username)
+      logger.info('User password: ' + password)
 
-      return callback(null)
+      logger.info('Creating Application collection.')
+      const application = new Application({ mongoSchemaVersion: constants.LAST_MONGO_SCHEMA_VERSION })
+      application.save(callback)
     })
   })
 }
diff --git a/server/initializers/migrations/0005-create-application.js b/server/initializers/migrations/0005-create-application.js
new file mode 100644
index 000000000..e99dec019
--- /dev/null
+++ b/server/initializers/migrations/0005-create-application.js
@@ -0,0 +1,17 @@
+/*
+  Create the application collection in MongoDB.
+  Used to store the actual MongoDB scheme version.
+*/
+
+const mongoose = require('mongoose')
+
+const Application = mongoose.model('Application')
+
+exports.up = function (callback) {
+  const application = new Application()
+  application.save(callback)
+}
+
+exports.down = function (callback) {
+  throw new Error('Not implemented.')
+}
diff --git a/server/initializers/migrations/0010-users-password.js b/server/initializers/migrations/0010-users-password.js
new file mode 100644
index 000000000..a0616a269
--- /dev/null
+++ b/server/initializers/migrations/0010-users-password.js
@@ -0,0 +1,22 @@
+/*
+  Convert plain user password to encrypted user password.
+*/
+
+const eachSeries = require('async/eachSeries')
+const mongoose = require('mongoose')
+
+const User = mongoose.model('User')
+
+exports.up = function (callback) {
+  User.list(function (err, users) {
+    if (err) return callback(err)
+
+    eachSeries(users, function (user, callbackEach) {
+      user.save(callbackEach)
+    }, callback)
+  })
+}
+
+exports.down = function (callback) {
+  throw new Error('Not implemented.')
+}
diff --git a/server/initializers/migrations/0015-admin-role.js b/server/initializers/migrations/0015-admin-role.js
new file mode 100644
index 000000000..af06dca9e
--- /dev/null
+++ b/server/initializers/migrations/0015-admin-role.js
@@ -0,0 +1,16 @@
+/*
+  Set the admin role to the root user.
+*/
+
+const constants = require('../constants')
+const mongoose = require('mongoose')
+
+const User = mongoose.model('User')
+
+exports.up = function (callback) {
+  User.update({ username: 'root' }, { role: constants.USER_ROLES.ADMIN }, callback)
+}
+
+exports.down = function (callback) {
+  throw new Error('Not implemented.')
+}
diff --git a/server/initializers/migrator.js b/server/initializers/migrator.js
new file mode 100644
index 000000000..6b31d994f
--- /dev/null
+++ b/server/initializers/migrator.js
@@ -0,0 +1,56 @@
+'use strict'
+
+const eachSeries = require('async/eachSeries')
+const mongoose = require('mongoose')
+const path = require('path')
+
+const constants = require('./constants')
+const logger = require('../helpers/logger')
+
+const Application = mongoose.model('Application')
+
+const migrator = {
+  migrate: migrate
+}
+
+function migrate (callback) {
+  Application.loadMongoSchemaVersion(function (err, actualVersion) {
+    if (err) return callback(err)
+
+    // If there are a new mongo schemas
+    if (!actualVersion || actualVersion < constants.LAST_MONGO_SCHEMA_VERSION) {
+      logger.info('Begin migrations.')
+
+      eachSeries(constants.MONGO_MIGRATION_SCRIPTS, function (entity, callbackEach) {
+        const versionScript = entity.version
+
+        // Do not execute old migration scripts
+        if (versionScript <= actualVersion) return callbackEach(null)
+
+        // Load the migration module and run it
+        const migrationScriptName = entity.script
+        logger.info('Executing %s migration script.', migrationScriptName)
+
+        const migrationScript = require(path.join(__dirname, 'migrations', migrationScriptName))
+        migrationScript.up(function (err) {
+          if (err) return callbackEach(err)
+
+          // Update the new mongo version schema
+          Application.updateMongoSchemaVersion(versionScript, callbackEach)
+        })
+      }, function (err) {
+        if (err) return callback(err)
+
+        logger.info('Migrations finished. New mongo version schema: %s', constants.LAST_MONGO_SCHEMA_VERSION)
+        return callback(null)
+      })
+    } else {
+      return callback(null)
+    }
+  })
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = migrator
+
diff --git a/server/lib/friends.js b/server/lib/friends.js
index 6e1516b94..556d2e773 100644
--- a/server/lib/friends.js
+++ b/server/lib/friends.js
@@ -1,6 +1,5 @@
 'use strict'
 
-const config = require('config')
 const each = require('async/each')
 const eachLimit = require('async/eachLimit')
 const eachSeries = require('async/eachSeries')
@@ -11,24 +10,20 @@ const waterfall = require('async/waterfall')
 
 const constants = require('../initializers/constants')
 const logger = require('../helpers/logger')
-const peertubeCrypto = require('../helpers/peertube-crypto')
 const requests = require('../helpers/requests')
 
-const http = config.get('webserver.https') ? 'https' : 'http'
-const host = config.get('webserver.host')
-const port = config.get('webserver.port')
 const Pod = mongoose.model('Pod')
 const Request = mongoose.model('Request')
 const Video = mongoose.model('Video')
 
 const friends = {
-  addVideoToFriends: addVideoToFriends,
-  hasFriends: hasFriends,
-  getMyCertificate: getMyCertificate,
-  makeFriends: makeFriends,
-  quitFriends: quitFriends,
-  removeVideoToFriends: removeVideoToFriends,
-  sendOwnedVideosToPod: sendOwnedVideosToPod
+  addVideoToFriends,
+  hasFriends,
+  getMyCertificate,
+  makeFriends,
+  quitFriends,
+  removeVideoToFriends,
+  sendOwnedVideosToPod
 }
 
 function addVideoToFriends (video) {
@@ -45,10 +40,10 @@ function hasFriends (callback) {
 }
 
 function getMyCertificate (callback) {
-  fs.readFile(peertubeCrypto.getCertDir() + 'peertube.pub', 'utf8', callback)
+  fs.readFile(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub', 'utf8', callback)
 }
 
-function makeFriends (callback) {
+function makeFriends (urls, callback) {
   const podsScore = {}
 
   logger.info('Make friends!')
@@ -58,8 +53,6 @@ function makeFriends (callback) {
       return callback(err)
     }
 
-    const urls = config.get('network.friends')
-
     eachSeries(urls, function (url, callbackEach) {
       computeForeignPodsList(url, podsScore, callbackEach)
     }, function (err) {
@@ -205,7 +198,12 @@ function getForeignPodsList (url, callback) {
   request.get(url + path, function (err, response, body) {
     if (err) return callback(err)
 
-    callback(null, JSON.parse(body))
+    try {
+      const json = JSON.parse(body)
+      return callback(null, json)
+    } catch (err) {
+      return callback(err)
+    }
   })
 }
 
@@ -220,7 +218,7 @@ function makeRequestsToWinningPods (cert, podsList, callback) {
       url: pod.url + '/api/' + constants.API_VERSION + '/pods/',
       method: 'POST',
       json: {
-        url: http + '://' + host + ':' + port,
+        url: constants.CONFIG.WEBSERVER.URL,
         publicKey: cert
       }
     }
diff --git a/server/lib/oauth-model.js b/server/lib/oauth-model.js
index d9f8b175a..45f796796 100644
--- a/server/lib/oauth-model.js
+++ b/server/lib/oauth-model.js
@@ -8,12 +8,12 @@ const User = mongoose.model('User')
 
 // See https://github.com/oauthjs/node-oauth2-server/wiki/Model-specification for the model specifications
 const OAuthModel = {
-  getAccessToken: getAccessToken,
-  getClient: getClient,
-  getRefreshToken: getRefreshToken,
-  getUser: getUser,
-  revokeToken: revokeToken,
-  saveToken: saveToken
+  getAccessToken,
+  getClient,
+  getRefreshToken,
+  getUser,
+  revokeToken,
+  saveToken
 }
 
 // ---------------------------------------------------------------------------
@@ -41,7 +41,22 @@ function getRefreshToken (refreshToken, callback) {
 function getUser (username, password) {
   logger.debug('Getting User (username: ' + username + ', password: ' + password + ').')
 
-  return User.getByUsernameAndPassword(username, password)
+  return User.getByUsername(username).then(function (user) {
+    if (!user) return null
+
+    // We need to return a promise
+    return new Promise(function (resolve, reject) {
+      return user.isPasswordMatch(password, function (err, isPasswordMatch) {
+        if (err) return reject(err)
+
+        if (isPasswordMatch === true) {
+          return resolve(user)
+        }
+
+        return resolve(null)
+      })
+    })
+  })
 }
 
 function revokeToken (token) {
diff --git a/server/middlewares/admin.js b/server/middlewares/admin.js
new file mode 100644
index 000000000..e6d9dc887
--- /dev/null
+++ b/server/middlewares/admin.js
@@ -0,0 +1,22 @@
+'use strict'
+
+const constants = require('../initializers/constants')
+const logger = require('../helpers/logger')
+
+const adminMiddleware = {
+  ensureIsAdmin
+}
+
+function ensureIsAdmin (req, res, next) {
+  const user = res.locals.oauth.token.user
+  if (user.role !== constants.USER_ROLES.ADMIN) {
+    logger.info('A non admin user is trying to access to an admin content.')
+    return res.sendStatus(403)
+  }
+
+  return next()
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = adminMiddleware
diff --git a/server/middlewares/index.js b/server/middlewares/index.js
index 0a233e701..3f253e31b 100644
--- a/server/middlewares/index.js
+++ b/server/middlewares/index.js
@@ -1,19 +1,23 @@
 'use strict'
 
-const oauth = require('./oauth')
-const pagination = require('./pagination')
+const adminMiddleware = require('./admin')
+const oauthMiddleware = require('./oauth')
+const paginationMiddleware = require('./pagination')
+const podsMiddleware = require('./pods')
 const validatorsMiddleware = require('./validators')
-const search = require('./search')
-const sort = require('./sort')
+const searchMiddleware = require('./search')
+const sortMiddleware = require('./sort')
 const secureMiddleware = require('./secure')
 
 const middlewares = {
-  oauth: oauth,
-  pagination: pagination,
-  validators: validatorsMiddleware,
-  search: search,
-  sort: sort,
-  secure: secureMiddleware
+  admin: adminMiddleware,
+  oauth: oauthMiddleware,
+  pagination: paginationMiddleware,
+  pods: podsMiddleware,
+  search: searchMiddleware,
+  secure: secureMiddleware,
+  sort: sortMiddleware,
+  validators: validatorsMiddleware
 }
 
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/oauth.js b/server/middlewares/oauth.js
index 91a990509..3a02b9b48 100644
--- a/server/middlewares/oauth.js
+++ b/server/middlewares/oauth.js
@@ -12,8 +12,8 @@ const oAuthServer = new OAuthServer({
 })
 
 const oAuth = {
-  authenticate: authenticate,
-  token: token
+  authenticate,
+  token
 }
 
 function authenticate (req, res, next) {
@@ -23,7 +23,7 @@ function authenticate (req, res, next) {
       return res.sendStatus(500)
     }
 
-    if (res.statusCode === 401 || res.statusCode === 400) return res.end()
+    if (res.statusCode === 401 || res.statusCode === 400 || res.statusCode === 503) return res.end()
 
     return next()
   })
diff --git a/server/middlewares/pagination.js b/server/middlewares/pagination.js
index a571e51f6..a90f60aab 100644
--- a/server/middlewares/pagination.js
+++ b/server/middlewares/pagination.js
@@ -3,7 +3,7 @@
 const constants = require('../initializers/constants')
 
 const paginationMiddleware = {
-  setPagination: setPagination
+  setPagination
 }
 
 function setPagination (req, res, next) {
diff --git a/server/middlewares/pods.js b/server/middlewares/pods.js
new file mode 100644
index 000000000..6e0874a76
--- /dev/null
+++ b/server/middlewares/pods.js
@@ -0,0 +1,62 @@
+'use strict'
+
+const urlModule = require('url')
+
+const logger = require('../helpers/logger')
+
+const podsMiddleware = {
+  setBodyUrlsPort,
+  setBodyUrlPort
+}
+
+function setBodyUrlsPort (req, res, next) {
+  for (let i = 0; i < req.body.urls.length; i++) {
+    const urlWithPort = getUrlWithPort(req.body.urls[i])
+
+    // Problem with the url parsing?
+    if (urlWithPort === null) {
+      return res.sendStatus(500)
+    }
+
+    req.body.urls[i] = urlWithPort
+  }
+
+  return next()
+}
+
+function setBodyUrlPort (req, res, next) {
+  const urlWithPort = getUrlWithPort(req.body.url)
+
+  // Problem with the url parsing?
+  if (urlWithPort === null) {
+    return res.sendStatus(500)
+  }
+
+  req.body.url = urlWithPort
+
+  return next()
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = podsMiddleware
+
+// ---------------------------------------------------------------------------
+
+function getUrlWithPort (url) {
+  const urlObj = urlModule.parse(url)
+
+  // Add the port if it is not specified
+  if (urlObj.port === null) {
+    if (urlObj.protocol === 'http:') {
+      return url + ':80'
+    } else if (urlObj.protocol === 'https:') {
+      return url + ':443'
+    } else {
+      logger.error('Unknown url protocol: ' + urlObj.protocol)
+      return null
+    }
+  }
+
+  return url
+}
diff --git a/server/middlewares/search.js b/server/middlewares/search.js
index 89302a564..bb88faf54 100644
--- a/server/middlewares/search.js
+++ b/server/middlewares/search.js
@@ -1,7 +1,7 @@
 'use strict'
 
 const searchMiddleware = {
-  setVideosSearch: setVideosSearch
+  setVideosSearch
 }
 
 function setVideosSearch (req, res, next) {
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js
index 9779c14ac..58f824d14 100644
--- a/server/middlewares/secure.js
+++ b/server/middlewares/secure.js
@@ -7,10 +7,11 @@ const peertubeCrypto = require('../helpers/peertube-crypto')
 const Pod = mongoose.model('Pod')
 
 const secureMiddleware = {
-  decryptBody: decryptBody
+  checkSignature,
+  decryptBody
 }
 
-function decryptBody (req, res, next) {
+function checkSignature (req, res, next) {
   const url = req.body.signature.url
   Pod.loadByUrl(url, function (err, pod) {
     if (err) {
@@ -28,21 +29,30 @@ function decryptBody (req, res, next) {
     const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
 
     if (signatureOk === true) {
-      peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
-        if (err) {
-          logger.error('Cannot decrypt data.', { error: err })
-          return res.sendStatus(500)
-        }
-
-        req.body.data = JSON.parse(decrypted)
-        delete req.body.key
-
-        next()
-      })
-    } else {
-      logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
-      return res.sendStatus(403)
+      return next()
+    }
+
+    logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
+    return res.sendStatus(403)
+  })
+}
+
+function decryptBody (req, res, next) {
+  peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
+    if (err) {
+      logger.error('Cannot decrypt data.', { error: err })
+      return res.sendStatus(500)
     }
+
+    try {
+      req.body.data = JSON.parse(decrypted)
+      delete req.body.key
+    } catch (err) {
+      logger.error('Error in JSON.parse', { error: err })
+      return res.sendStatus(500)
+    }
+
+    next()
   })
 }
 
diff --git a/server/middlewares/sort.js b/server/middlewares/sort.js
index 9f52290a6..f0b7274eb 100644
--- a/server/middlewares/sort.js
+++ b/server/middlewares/sort.js
@@ -1,7 +1,14 @@
 'use strict'
 
 const sortMiddleware = {
-  setVideosSort: setVideosSort
+  setUsersSort,
+  setVideosSort
+}
+
+function setUsersSort (req, res, next) {
+  if (!req.query.sort) req.query.sort = '-createdDate'
+
+  return next()
 }
 
 function setVideosSort (req, res, next) {
diff --git a/server/middlewares/validators/index.js b/server/middlewares/validators/index.js
index 0471b3f92..6c3a9c2b4 100644
--- a/server/middlewares/validators/index.js
+++ b/server/middlewares/validators/index.js
@@ -4,6 +4,7 @@ const paginationValidators = require('./pagination')
 const podsValidators = require('./pods')
 const remoteValidators = require('./remote')
 const sortValidators = require('./sort')
+const usersValidators = require('./users')
 const videosValidators = require('./videos')
 
 const validators = {
@@ -11,6 +12,7 @@ const validators = {
   pods: podsValidators,
   remote: remoteValidators,
   sort: sortValidators,
+  users: usersValidators,
   videos: videosValidators
 }
 
diff --git a/server/middlewares/validators/pagination.js b/server/middlewares/validators/pagination.js
index 8e9a01053..16682696e 100644
--- a/server/middlewares/validators/pagination.js
+++ b/server/middlewares/validators/pagination.js
@@ -4,7 +4,7 @@ const checkErrors = require('./utils').checkErrors
 const logger = require('../../helpers/logger')
 
 const validatorsPagination = {
-  pagination: pagination
+  pagination
 }
 
 function pagination (req, res, next) {
diff --git a/server/middlewares/validators/pods.js b/server/middlewares/validators/pods.js
index fda2e865f..fd3d1e2f2 100644
--- a/server/middlewares/validators/pods.js
+++ b/server/middlewares/validators/pods.js
@@ -5,23 +5,29 @@ const friends = require('../../lib/friends')
 const logger = require('../../helpers/logger')
 
 const validatorsPod = {
-  makeFriends: makeFriends,
-  podsAdd: podsAdd
+  makeFriends,
+  podsAdd
 }
 
 function makeFriends (req, res, next) {
-  friends.hasFriends(function (err, hasFriends) {
-    if (err) {
-      logger.error('Cannot know if we have friends.', { error: err })
-      res.sendStatus(500)
-    }
-
-    if (hasFriends === true) {
-      // We need to quit our friends before make new ones
-      res.sendStatus(409)
-    } else {
-      return next()
-    }
+  req.checkBody('urls', 'Should have an array of unique urls').isEachUniqueUrlValid()
+
+  logger.debug('Checking makeFriends parameters', { parameters: req.body })
+
+  checkErrors(req, res, function () {
+    friends.hasFriends(function (err, hasFriends) {
+      if (err) {
+        logger.error('Cannot know if we have friends.', { error: err })
+        res.sendStatus(500)
+      }
+
+      if (hasFriends === true) {
+        // We need to quit our friends before make new ones
+        res.sendStatus(409)
+      } else {
+        return next()
+      }
+    })
   })
 }
 
diff --git a/server/middlewares/validators/remote.js b/server/middlewares/validators/remote.js
index 1be119458..8c29ef8ca 100644
--- a/server/middlewares/validators/remote.js
+++ b/server/middlewares/validators/remote.js
@@ -4,9 +4,9 @@ const checkErrors = require('./utils').checkErrors
 const logger = require('../../helpers/logger')
 
 const validatorsRemote = {
-  dataToDecrypt: dataToDecrypt,
-  remoteVideos: remoteVideos,
-  signature: signature
+  dataToDecrypt,
+  remoteVideos,
+  signature
 }
 
 function dataToDecrypt (req, res, next) {
@@ -19,7 +19,6 @@ function dataToDecrypt (req, res, next) {
 }
 
 function remoteVideos (req, res, next) {
-  req.checkBody('data').isArray()
   req.checkBody('data').isEachRemoteVideosValid()
 
   logger.debug('Checking remoteVideos parameters', { parameters: req.body })
diff --git a/server/middlewares/validators/sort.js b/server/middlewares/validators/sort.js
index 56b63cc8b..431d3fffd 100644
--- a/server/middlewares/validators/sort.js
+++ b/server/middlewares/validators/sort.js
@@ -5,7 +5,18 @@ const constants = require('../../initializers/constants')
 const logger = require('../../helpers/logger')
 
 const validatorsSort = {
-  videosSort: videosSort
+  usersSort,
+  videosSort
+}
+
+function usersSort (req, res, next) {
+  const sortableColumns = constants.SORTABLE_COLUMNS.USERS
+
+  req.checkQuery('sort', 'Should have correct sortable column').optional().isIn(sortableColumns)
+
+  logger.debug('Checking sort parameters', { parameters: req.query })
+
+  checkErrors(req, res, next)
 }
 
 function videosSort (req, res, next) {
diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js
new file mode 100644
index 000000000..d541e9124
--- /dev/null
+++ b/server/middlewares/validators/users.js
@@ -0,0 +1,67 @@
+'use strict'
+
+const mongoose = require('mongoose')
+
+const checkErrors = require('./utils').checkErrors
+const logger = require('../../helpers/logger')
+
+const User = mongoose.model('User')
+
+const validatorsUsers = {
+  usersAdd,
+  usersRemove,
+  usersUpdate
+}
+
+function usersAdd (req, res, next) {
+  req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
+  req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+
+  logger.debug('Checking usersAdd parameters', { parameters: req.body })
+
+  checkErrors(req, res, function () {
+    User.loadByUsername(req.body.username, function (err, user) {
+      if (err) {
+        logger.error('Error in usersAdd request validator.', { error: err })
+        return res.sendStatus(500)
+      }
+
+      if (user) return res.status(409).send('User already exists.')
+
+      next()
+    })
+  })
+}
+
+function usersRemove (req, res, next) {
+  req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+
+  logger.debug('Checking usersRemove parameters', { parameters: req.params })
+
+  checkErrors(req, res, function () {
+    User.loadById(req.params.id, function (err, user) {
+      if (err) {
+        logger.error('Error in usersRemove request validator.', { error: err })
+        return res.sendStatus(500)
+      }
+
+      if (!user) return res.status(404).send('User not found')
+
+      next()
+    })
+  })
+}
+
+function usersUpdate (req, res, next) {
+  req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+  // Add old password verification
+  req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+
+  logger.debug('Checking usersUpdate parameters', { parameters: req.body })
+
+  checkErrors(req, res, next)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = validatorsUsers
diff --git a/server/middlewares/validators/utils.js b/server/middlewares/validators/utils.js
index f6e5b2b38..3741b84c6 100644
--- a/server/middlewares/validators/utils.js
+++ b/server/middlewares/validators/utils.js
@@ -5,7 +5,7 @@ const util = require('util')
 const logger = require('../../helpers/logger')
 
 const validatorsUtils = {
-  checkErrors: checkErrors
+  checkErrors
 }
 
 function checkErrors (req, res, next, statusCode) {
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 3e2af06fb..76e943e77 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -4,20 +4,21 @@ const mongoose = require('mongoose')
 
 const checkErrors = require('./utils').checkErrors
 const constants = require('../../initializers/constants')
-const customValidators = require('../../helpers/custom-validators')
+const customVideosValidators = require('../../helpers/custom-validators').videos
 const logger = require('../../helpers/logger')
 
 const Video = mongoose.model('Video')
 
 const validatorsVideos = {
-  videosAdd: videosAdd,
-  videosGet: videosGet,
-  videosRemove: videosRemove,
-  videosSearch: videosSearch
+  videosAdd,
+  videosGet,
+  videosRemove,
+  videosSearch
 }
 
 function videosAdd (req, res, next) {
   req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty()
+  // TODO: move to constants and function
   req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i)
   req.checkBody('name', 'Should have a valid name').isVideoNameValid()
   req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()
@@ -33,8 +34,8 @@ function videosAdd (req, res, next) {
         return res.status(400).send('Cannot retrieve metadata of the file.')
       }
 
-      if (!customValidators.isVideoDurationValid(duration)) {
-        return res.status(400).send('Duration of the video file is too big (max: ' + constants.VIDEOS_CONSTRAINTS_FIELDS.DURATION.max + 's).')
+      if (!customVideosValidators.isVideoDurationValid(duration)) {
+        return res.status(400).send('Duration of the video file is too big (max: ' + constants.CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).')
       }
 
       videoFile.duration = duration
@@ -76,6 +77,7 @@ function videosRemove (req, res, next) {
 
       if (!video) return res.status(404).send('Video not found')
       else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
+      else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
 
       next()
     })
diff --git a/server/models/application.js b/server/models/application.js
new file mode 100644
index 000000000..452ac4283
--- /dev/null
+++ b/server/models/application.js
@@ -0,0 +1,31 @@
+const mongoose = require('mongoose')
+
+// ---------------------------------------------------------------------------
+
+const ApplicationSchema = mongoose.Schema({
+  mongoSchemaVersion: {
+    type: Number,
+    default: 0
+  }
+})
+
+ApplicationSchema.statics = {
+  loadMongoSchemaVersion,
+  updateMongoSchemaVersion
+}
+
+mongoose.model('Application', ApplicationSchema)
+
+// ---------------------------------------------------------------------------
+
+function loadMongoSchemaVersion (callback) {
+  return this.findOne({}, { mongoSchemaVersion: 1 }, function (err, data) {
+    const version = data ? data.mongoSchemaVersion : 0
+
+    return callback(err, version)
+  })
+}
+
+function updateMongoSchemaVersion (newVersion, callback) {
+  return this.update({}, { mongoSchemaVersion: newVersion }, callback)
+}
diff --git a/server/models/oauth-client.js b/server/models/oauth-client.js
index 45834c5a5..a1aefa985 100644
--- a/server/models/oauth-client.js
+++ b/server/models/oauth-client.js
@@ -11,9 +11,9 @@ const OAuthClientSchema = mongoose.Schema({
 OAuthClientSchema.path('clientSecret').required(true)
 
 OAuthClientSchema.statics = {
-  getByIdAndSecret: getByIdAndSecret,
-  list: list,
-  loadFirstClient: loadFirstClient
+  getByIdAndSecret,
+  list,
+  loadFirstClient
 }
 
 mongoose.model('OAuthClient', OAuthClientSchema)
diff --git a/server/models/oauth-token.js b/server/models/oauth-token.js
index f6a814c36..5beb47bed 100644
--- a/server/models/oauth-token.js
+++ b/server/models/oauth-token.js
@@ -18,9 +18,10 @@ OAuthTokenSchema.path('client').required(true)
 OAuthTokenSchema.path('user').required(true)
 
 OAuthTokenSchema.statics = {
-  getByRefreshTokenAndPopulateClient: getByRefreshTokenAndPopulateClient,
-  getByTokenAndPopulateUser: getByTokenAndPopulateUser,
-  getByRefreshToken: getByRefreshToken
+  getByRefreshTokenAndPopulateClient,
+  getByTokenAndPopulateUser,
+  getByRefreshToken,
+  removeByUserId
 }
 
 mongoose.model('OAuthToken', OAuthTokenSchema)
@@ -53,3 +54,7 @@ function getByTokenAndPopulateUser (bearerToken) {
 function getByRefreshToken (refreshToken) {
   return this.findOne({ refreshToken: refreshToken }).exec()
 }
+
+function removeByUserId (userId, callback) {
+  return this.remove({ user: userId }, callback)
+}
diff --git a/server/models/pods.js b/server/models/pods.js
index bf43d7b25..4020a9603 100644
--- a/server/models/pods.js
+++ b/server/models/pods.js
@@ -11,7 +11,11 @@ const constants = require('../initializers/constants')
 const PodSchema = mongoose.Schema({
   url: String,
   publicKey: String,
-  score: { type: Number, max: constants.FRIEND_SCORE.MAX }
+  score: { type: Number, max: constants.FRIEND_SCORE.MAX },
+  createdDate: {
+    type: Date,
+    default: Date.now
+  }
 })
 
 // TODO: set options (TLD...)
@@ -19,16 +23,19 @@ PodSchema.path('url').validate(validator.isURL)
 PodSchema.path('publicKey').required(true)
 PodSchema.path('score').validate(function (value) { return !isNaN(value) })
 
+PodSchema.methods = {
+  toFormatedJSON
+}
+
 PodSchema.statics = {
-  countAll: countAll,
-  incrementScores: incrementScores,
-  list: list,
-  listAllIds: listAllIds,
-  listOnlyUrls: listOnlyUrls,
-  listBadPods: listBadPods,
-  load: load,
-  loadByUrl: loadByUrl,
-  removeAll: removeAll
+  countAll,
+  incrementScores,
+  list,
+  listAllIds,
+  listBadPods,
+  load,
+  loadByUrl,
+  removeAll
 }
 
 PodSchema.pre('save', function (next) {
@@ -46,6 +53,19 @@ PodSchema.pre('save', function (next) {
 
 const Pod = mongoose.model('Pod', PodSchema)
 
+// ------------------------------ METHODS ------------------------------
+
+function toFormatedJSON () {
+  const json = {
+    id: this._id,
+    url: this.url,
+    score: this.score,
+    createdDate: this.createdDate
+  }
+
+  return json
+}
+
 // ------------------------------ Statics ------------------------------
 
 function countAll (callback) {
@@ -69,10 +89,6 @@ function listAllIds (callback) {
   })
 }
 
-function listOnlyUrls (callback) {
-  return this.find({}, { _id: 0, url: 1 }, callback)
-}
-
 function listBadPods (callback) {
   return this.find({ score: 0 }, callback)
 }
diff --git a/server/models/request.js b/server/models/request.js
index 4d521919a..2d1c5af15 100644
--- a/server/models/request.js
+++ b/server/models/request.js
@@ -14,19 +14,22 @@ const Pod = mongoose.model('Pod')
 const Video = mongoose.model('Video')
 
 let timer = null
+let lastRequestTimestamp = 0
 
 // ---------------------------------------------------------------------------
 
 const RequestSchema = mongoose.Schema({
   request: mongoose.Schema.Types.Mixed,
-  to: [ { type: mongoose.Schema.Types.ObjectId, ref: 'users' } ]
+  to: [ { type: mongoose.Schema.Types.ObjectId, ref: 'Pod' } ]
 })
 
 RequestSchema.statics = {
   activate,
   deactivate,
   flush,
-  forceSend
+  forceSend,
+  list,
+  remainingMilliSeconds
 }
 
 RequestSchema.pre('save', function (next) {
@@ -53,12 +56,19 @@ mongoose.model('Request', RequestSchema)
 
 function activate () {
   logger.info('Requests scheduler activated.')
-  timer = setInterval(makeRequests.bind(this), constants.INTERVAL)
+  lastRequestTimestamp = Date.now()
+
+  const self = this
+  timer = setInterval(function () {
+    lastRequestTimestamp = Date.now()
+    makeRequests.call(self)
+  }, constants.REQUESTS_INTERVAL)
 }
 
 function deactivate () {
   logger.info('Requests scheduler deactivated.')
   clearInterval(timer)
+  timer = null
 }
 
 function flush () {
@@ -72,6 +82,16 @@ function forceSend () {
   makeRequests.call(this)
 }
 
+function list (callback) {
+  this.find({ }, callback)
+}
+
+function remainingMilliSeconds () {
+  if (timer === null) return -1
+
+  return constants.REQUESTS_INTERVAL - (Date.now() - lastRequestTimestamp)
+}
+
 // ---------------------------------------------------------------------------
 
 // Make a requests to friends of a certain type
@@ -91,7 +111,13 @@ function makeRequest (toPod, requestsToMake, callback) {
   // The function fire some useful callbacks
   requests.makeSecureRequest(params, function (err, res) {
     if (err || (res.statusCode !== 200 && res.statusCode !== 201 && res.statusCode !== 204)) {
-      logger.error('Error sending secure request to %s pod.', toPod.url, { error: err || new Error('Status code not 20x') })
+      logger.error(
+        'Error sending secure request to %s pod.',
+        toPod.url,
+        {
+          error: err || new Error('Status code not 20x : ' + res.statusCode)
+        }
+      )
 
       return callback(false)
     }
@@ -148,19 +174,14 @@ function makeRequests () {
           return callbackEach()
         }
 
-        // Maybe the pod is not our friend anymore so simply remove them
+        // Maybe the pod is not our friend anymore so simply remove it
         if (!toPod) {
+          logger.info('Removing %d requests of unexisting pod %s.', requestToMake.ids.length, toPodId)
           removePodOf.call(self, requestToMake.ids, toPodId)
           return callbackEach()
         }
 
         makeRequest(toPod, requestToMake.datas, function (success) {
-          if (err) {
-            logger.error('Errors when sent request to %s.', toPod.url, { error: err })
-            // Do not stop the process just for one error
-            return callbackEach()
-          }
-
           if (success === true) {
             logger.debug('Removing requests for %s pod.', toPodId, { requestsIds: requestToMake.ids })
 
diff --git a/server/models/user.js b/server/models/user.js
index 14ffecbff..a19de7072 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -1,28 +1,98 @@
 const mongoose = require('mongoose')
 
+const customUsersValidators = require('../helpers/custom-validators').users
+const modelUtils = require('./utils')
+const peertubeCrypto = require('../helpers/peertube-crypto')
+
+const OAuthToken = mongoose.model('OAuthToken')
+
 // ---------------------------------------------------------------------------
 
 const UserSchema = mongoose.Schema({
+  createdDate: {
+    type: Date,
+    default: Date.now
+  },
   password: String,
-  username: String
+  username: String,
+  role: String
 })
 
-UserSchema.path('password').required(true)
-UserSchema.path('username').required(true)
+UserSchema.path('password').required(customUsersValidators.isUserPasswordValid)
+UserSchema.path('username').required(customUsersValidators.isUserUsernameValid)
+UserSchema.path('role').validate(customUsersValidators.isUserRoleValid)
+
+UserSchema.methods = {
+  isPasswordMatch,
+  toFormatedJSON
+}
 
 UserSchema.statics = {
-  getByUsernameAndPassword: getByUsernameAndPassword,
-  list: list
+  countTotal,
+  getByUsername,
+  list,
+  listForApi,
+  loadById,
+  loadByUsername
 }
 
+UserSchema.pre('save', function (next) {
+  const user = this
+
+  peertubeCrypto.cryptPassword(this.password, function (err, hash) {
+    if (err) return next(err)
+
+    user.password = hash
+
+    return next()
+  })
+})
+
+UserSchema.pre('remove', function (next) {
+  const user = this
+
+  OAuthToken.removeByUserId(user._id, next)
+})
+
 mongoose.model('User', UserSchema)
 
-// ---------------------------------------------------------------------------
+// ------------------------------ METHODS ------------------------------
+
+function isPasswordMatch (password, callback) {
+  return peertubeCrypto.comparePassword(password, this.password, callback)
+}
+
+function toFormatedJSON () {
+  return {
+    id: this._id,
+    username: this.username,
+    role: this.role,
+    createdDate: this.createdDate
+  }
+}
+// ------------------------------ STATICS ------------------------------
+
+function countTotal (callback) {
+  return this.count(callback)
+}
+
+function getByUsername (username) {
+  return this.findOne({ username: username })
+}
 
 function list (callback) {
   return this.find(callback)
 }
 
-function getByUsernameAndPassword (username, password) {
-  return this.findOne({ username: username, password: password })
+function listForApi (start, count, sort, callback) {
+  const query = {}
+  return modelUtils.listForApiWithCount.call(this, query, start, count, sort, callback)
+}
+
+function loadById (id, callback) {
+  return this.findById(id, callback)
+}
+
+function loadByUsername (username, callback) {
+  return this.findOne({ username: username }, callback)
 }
diff --git a/server/models/utils.js b/server/models/utils.js
new file mode 100644
index 000000000..e798aabe6
--- /dev/null
+++ b/server/models/utils.js
@@ -0,0 +1,30 @@
+'use strict'
+
+const parallel = require('async/parallel')
+
+const utils = {
+  listForApiWithCount
+}
+
+function listForApiWithCount (query, start, count, sort, callback) {
+  const self = this
+
+  parallel([
+    function (asyncCallback) {
+      self.find(query).skip(start).limit(count).sort(sort).exec(asyncCallback)
+    },
+    function (asyncCallback) {
+      self.count(query, asyncCallback)
+    }
+  ], function (err, results) {
+    if (err) return callback(err)
+
+    const data = results[0]
+    const total = results[1]
+    return callback(null, data, total)
+  })
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = utils
diff --git a/server/models/video.js b/server/models/video.js
index 14e0df6f2..7d073cffa 100644
--- a/server/models/video.js
+++ b/server/models/video.js
@@ -11,8 +11,9 @@ const magnet = require('magnet-uri')
 const mongoose = require('mongoose')
 
 const constants = require('../initializers/constants')
-const customValidators = require('../helpers/custom-validators')
+const customVideosValidators = require('../helpers/custom-validators').videos
 const logger = require('../helpers/logger')
+const modelUtils = require('./utils')
 const utils = require('../helpers/utils')
 
 const http = config.get('webserver.https') === true ? 'https' : 'http'
@@ -42,34 +43,35 @@ const VideoSchema = mongoose.Schema({
   }
 })
 
-VideoSchema.path('name').validate(customValidators.isVideoNameValid)
-VideoSchema.path('description').validate(customValidators.isVideoDescriptionValid)
-VideoSchema.path('magnetUri').validate(customValidators.isVideoMagnetUriValid)
-VideoSchema.path('podUrl').validate(customValidators.isVideoPodUrlValid)
-VideoSchema.path('author').validate(customValidators.isVideoAuthorValid)
-VideoSchema.path('duration').validate(customValidators.isVideoDurationValid)
+VideoSchema.path('name').validate(customVideosValidators.isVideoNameValid)
+VideoSchema.path('description').validate(customVideosValidators.isVideoDescriptionValid)
+VideoSchema.path('magnetUri').validate(customVideosValidators.isVideoMagnetUriValid)
+VideoSchema.path('podUrl').validate(customVideosValidators.isVideoPodUrlValid)
+VideoSchema.path('author').validate(customVideosValidators.isVideoAuthorValid)
+VideoSchema.path('duration').validate(customVideosValidators.isVideoDurationValid)
 // The tumbnail can be the path or the data in base 64
 // The pre save hook will convert the base 64 data in a file on disk and replace the thumbnail key by the filename
 VideoSchema.path('thumbnail').validate(function (value) {
-  return customValidators.isVideoThumbnailValid(value) || customValidators.isVideoThumbnail64Valid(value)
+  return customVideosValidators.isVideoThumbnailValid(value) || customVideosValidators.isVideoThumbnail64Valid(value)
 })
-VideoSchema.path('tags').validate(customValidators.isVideoTagsValid)
+VideoSchema.path('tags').validate(customVideosValidators.isVideoTagsValid)
 
 VideoSchema.methods = {
-  isOwned: isOwned,
-  toFormatedJSON: toFormatedJSON,
-  toRemoteJSON: toRemoteJSON
+  isOwned,
+  toFormatedJSON,
+  toRemoteJSON
 }
 
 VideoSchema.statics = {
-  getDurationFromFile: getDurationFromFile,
-  list: list,
-  listByUrlAndMagnet: listByUrlAndMagnet,
-  listByUrls: listByUrls,
-  listOwned: listOwned,
-  listRemotes: listRemotes,
-  load: load,
-  search: search
+  getDurationFromFile,
+  listForApi,
+  listByUrlAndMagnet,
+  listByUrls,
+  listOwned,
+  listOwnedByAuthor,
+  listRemotes,
+  load,
+  search
 }
 
 VideoSchema.pre('remove', function (next) {
@@ -101,8 +103,8 @@ VideoSchema.pre('save', function (next) {
   const tasks = []
 
   if (video.isOwned()) {
-    const videoPath = pathUtils.join(uploadsDir, video.filename)
-    this.podUrl = http + '://' + host + ':' + port
+    const videoPath = pathUtils.join(constants.CONFIG.STORAGE.UPLOAD_DIR, video.filename)
+    this.podUrl = constants.CONFIG.WEBSERVER.URL
 
     tasks.push(
       // TODO: refractoring
@@ -174,7 +176,7 @@ function toRemoteJSON (callback) {
   const self = this
 
   // Convert thumbnail to base64
-  fs.readFile(pathUtils.join(thumbnailsDir, this.thumbnail), function (err, thumbnailData) {
+  fs.readFile(pathUtils.join(constants.CONFIG.STORAGE.THUMBNAILS_DIR, this.thumbnail), function (err, thumbnailData) {
     if (err) {
       logger.error('Cannot read the thumbnail of the video')
       return callback(err)
@@ -207,9 +209,9 @@ function getDurationFromFile (videoPath, callback) {
   })
 }
 
-function list (start, count, sort, callback) {
+function listForApi (start, count, sort, callback) {
   const query = {}
-  return findWithCount.call(this, query, start, count, sort, callback)
+  return modelUtils.listForApiWithCount.call(this, query, start, count, sort, callback)
 }
 
 function listByUrlAndMagnet (fromUrl, magnetUri, callback) {
@@ -225,6 +227,10 @@ function listOwned (callback) {
   this.find({ filename: { $ne: null } }, callback)
 }
 
+function listOwnedByAuthor (author, callback) {
+  this.find({ filename: { $ne: null }, author: author }, callback)
+}
+
 function listRemotes (callback) {
   this.find({ filename: null }, callback)
 }
@@ -242,36 +248,17 @@ function search (value, field, start, count, sort, callback) {
     query[field] = new RegExp(value)
   }
 
-  findWithCount.call(this, query, start, count, sort, callback)
+  modelUtils.listForApiWithCount.call(this, query, start, count, sort, callback)
 }
 
 // ---------------------------------------------------------------------------
 
-function findWithCount (query, start, count, sort, callback) {
-  const self = this
-
-  parallel([
-    function (asyncCallback) {
-      self.find(query).skip(start).limit(count).sort(sort).exec(asyncCallback)
-    },
-    function (asyncCallback) {
-      self.count(query, asyncCallback)
-    }
-  ], function (err, results) {
-    if (err) return callback(err)
-
-    const videos = results[0]
-    const totalVideos = results[1]
-    return callback(null, videos, totalVideos)
-  })
-}
-
 function removeThumbnail (video, callback) {
-  fs.unlink(thumbnailsDir + video.thumbnail, callback)
+  fs.unlink(constants.CONFIG.STORAGE.THUMBNAILS_DIR + video.thumbnail, callback)
 }
 
 function removeFile (video, callback) {
-  fs.unlink(uploadsDir + video.filename, callback)
+  fs.unlink(constants.CONFIG.STORAGE.UPLOAD_DIR + video.filename, callback)
 }
 
 // Maybe the torrent is not seeded, but we catch the error to don't stop the removing process
@@ -288,7 +275,7 @@ function createThumbnail (videoPath, callback) {
     })
     .thumbnail({
       count: 1,
-      folder: thumbnailsDir,
+      folder: constants.CONFIG.STORAGE.THUMBNAILS_DIR,
       size: constants.THUMBNAILS_SIZE,
       filename: filename
     })
@@ -300,7 +287,7 @@ function generateThumbnailFromBase64 (data, callback) {
     if (err) return callback(err)
 
     const thumbnailName = randomString + '.jpg'
-    fs.writeFile(thumbnailsDir + thumbnailName, data, { encoding: 'base64' }, function (err) {
+    fs.writeFile(constants.CONFIG.STORAGE.THUMBNAILS_DIR + thumbnailName, data, { encoding: 'base64' }, function (err) {
       if (err) return callback(err)
 
       return callback(null, thumbnailName)
diff --git a/server/tests/api/check-params.js b/server/tests/api/check-params.js
new file mode 100644
index 000000000..57b5ca024
--- /dev/null
+++ b/server/tests/api/check-params.js
@@ -0,0 +1,746 @@
+'use strict'
+
+const chai = require('chai')
+const expect = chai.expect
+const pathUtils = require('path')
+const request = require('supertest')
+const series = require('async/series')
+
+const loginUtils = require('../utils/login')
+const requestsUtils = require('../utils/requests')
+const serversUtils = require('../utils/servers')
+const usersUtils = require('../utils/users')
+
+describe('Test parameters validator', function () {
+  let server = null
+  let userAccessToken = null
+
+  // ---------------------------------------------------------------
+
+  before(function (done) {
+    this.timeout(20000)
+
+    series([
+      function (next) {
+        serversUtils.flushTests(next)
+      },
+      function (next) {
+        serversUtils.runServer(1, function (server1) {
+          server = server1
+
+          next()
+        })
+      },
+      function (next) {
+        loginUtils.loginAndGetAccessToken(server, function (err, token) {
+          if (err) throw err
+          server.accessToken = token
+
+          next()
+        })
+      }
+    ], done)
+  })
+
+  describe('Of the pods API', function () {
+    const path = '/api/v1/pods/'
+
+    describe('When making friends', function () {
+      let userAccessToken = null
+
+      before(function (done) {
+        usersUtils.createUser(server.url, server.accessToken, 'user1', 'password', function () {
+          server.user = {
+            username: 'user1',
+            password: 'password'
+          }
+
+          loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
+            if (err) throw err
+
+            userAccessToken = accessToken
+
+            done()
+          })
+        })
+      })
+
+      describe('When making friends', function () {
+        const body = {
+          urls: [ 'http://localhost:9002' ]
+        }
+
+        it('Should fail without urls', function (done) {
+          request(server.url)
+            .post(path + '/makefriends')
+            .set('Authorization', 'Bearer ' + server.accessToken)
+            .set('Accept', 'application/json')
+            .expect(400, done)
+        })
+
+        it('Should fail with urls is not an array', function (done) {
+          request(server.url)
+            .post(path + '/makefriends')
+            .send({ urls: 'http://localhost:9002' })
+            .set('Authorization', 'Bearer ' + server.accessToken)
+            .set('Accept', 'application/json')
+            .expect(400, done)
+        })
+
+        it('Should fail if the array is not composed by urls', function (done) {
+          request(server.url)
+            .post(path + '/makefriends')
+            .send({ urls: [ 'http://localhost:9002', 'localhost:coucou' ] })
+            .set('Authorization', 'Bearer ' + server.accessToken)
+            .set('Accept', 'application/json')
+            .expect(400, done)
+        })
+
+        it('Should fail if urls are not unique', function (done) {
+          request(server.url)
+            .post(path + '/makefriends')
+            .send({ urls: [ 'http://localhost:9002', 'http://localhost:9002' ] })
+            .set('Authorization', 'Bearer ' + server.accessToken)
+            .set('Accept', 'application/json')
+            .expect(400, done)
+        })
+
+        it('Should fail with a invalid token', function (done) {
+          request(server.url)
+            .post(path + '/makefriends')
+            .send(body)
+            .set('Authorization', 'Bearer faketoken')
+            .set('Accept', 'application/json')
+            .expect(401, done)
+        })
+
+        it('Should fail if the user is not an administrator', function (done) {
+          request(server.url)
+            .post(path + '/makefriends')
+            .send(body)
+            .set('Authorization', 'Bearer ' + userAccessToken)
+            .set('Accept', 'application/json')
+            .expect(403, done)
+        })
+      })
+
+      describe('When quitting friends', function () {
+        it('Should fail with a invalid token', function (done) {
+          request(server.url)
+            .get(path + '/quitfriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer faketoken')
+            .set('Accept', 'application/json')
+            .expect(401, done)
+        })
+
+        it('Should fail if the user is not an administrator', function (done) {
+          request(server.url)
+            .get(path + '/quitfriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer ' + userAccessToken)
+            .set('Accept', 'application/json')
+            .expect(403, done)
+        })
+      })
+    })
+
+    describe('When adding a pod', function () {
+      it('Should fail with nothing', function (done) {
+        const data = {}
+        requestsUtils.makePostBodyRequest(server.url, path, null, data, done)
+      })
+
+      it('Should fail without public key', function (done) {
+        const data = {
+          url: 'http://coucou.com'
+        }
+        requestsUtils.makePostBodyRequest(server.url, path, null, data, done)
+      })
+
+      it('Should fail without an url', function (done) {
+        const data = {
+          publicKey: 'mysuperpublickey'
+        }
+        requestsUtils.makePostBodyRequest(server.url, path, null, data, done)
+      })
+
+      it('Should fail with an incorrect url', function (done) {
+        const data = {
+          url: 'coucou.com',
+          publicKey: 'mysuperpublickey'
+        }
+        requestsUtils.makePostBodyRequest(server.url, path, null, data, function () {
+          data.url = 'http://coucou'
+          requestsUtils.makePostBodyRequest(server.url, path, null, data, function () {
+            data.url = 'coucou'
+            requestsUtils.makePostBodyRequest(server.url, path, null, data, done)
+          })
+        })
+      })
+
+      it('Should succeed with the correct parameters', function (done) {
+        const data = {
+          url: 'http://coucou.com',
+          publicKey: 'mysuperpublickey'
+        }
+        requestsUtils.makePostBodyRequest(server.url, path, null, data, done, 200)
+      })
+    })
+  })
+
+  describe('Of the videos API', function () {
+    const path = '/api/v1/videos/'
+
+    describe('When listing a video', function () {
+      it('Should fail with a bad start pagination', function (done) {
+        request(server.url)
+          .get(path)
+          .query({ start: 'hello' })
+          .set('Accept', 'application/json')
+          .expect(400, done)
+      })
+
+      it('Should fail with a bad count pagination', function (done) {
+        request(server.url)
+          .get(path)
+          .query({ count: 'hello' })
+          .set('Accept', 'application/json')
+          .expect(400, done)
+      })
+
+      it('Should fail with an incorrect sort', function (done) {
+        request(server.url)
+          .get(path)
+          .query({ sort: 'hello' })
+          .set('Accept', 'application/json')
+          .expect(400, done)
+      })
+    })
+
+    describe('When searching a video', function () {
+      it('Should fail with nothing', function (done) {
+        request(server.url)
+          .get(pathUtils.join(path, 'search'))
+          .set('Accept', 'application/json')
+          .expect(400, done)
+      })
+
+      it('Should fail with a bad start pagination', function (done) {
+        request(server.url)
+          .get(pathUtils.join(path, 'search', 'test'))
+          .query({ start: 'hello' })
+          .set('Accept', 'application/json')
+          .expect(400, done)
+      })
+
+      it('Should fail with a bad count pagination', function (done) {
+        request(server.url)
+          .get(pathUtils.join(path, 'search', 'test'))
+          .query({ count: 'hello' })
+          .set('Accept', 'application/json')
+          .expect(400, done)
+      })
+
+      it('Should fail with an incorrect sort', function (done) {
+        request(server.url)
+          .get(pathUtils.join(path, 'search', 'test'))
+          .query({ sort: 'hello' })
+          .set('Accept', 'application/json')
+          .expect(400, done)
+      })
+    })
+
+    describe('When adding a video', function () {
+      it('Should fail with nothing', function (done) {
+        const data = {}
+        const attach = {}
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail without name', function (done) {
+        const data = {
+          description: 'my super description',
+          tags: [ 'tag1', 'tag2' ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail with a long name', function (done) {
+        const data = {
+          name: 'My very very very very very very very very very very very very very very very very long name',
+          description: 'my super description',
+          tags: [ 'tag1', 'tag2' ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail without description', function (done) {
+        const data = {
+          name: 'my super name',
+          tags: [ 'tag1', 'tag2' ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail with a long description', function (done) {
+        const data = {
+          name: 'my super name',
+          description: 'my super description which is very very very very very very very very very very very very very very' +
+                       'very very very very very very very very very very very very very very very very very very very very very' +
+                       'very very very very very very very very very very very very very very very long',
+          tags: [ 'tag1', 'tag2' ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail without tags', function (done) {
+        const data = {
+          name: 'my super name',
+          description: 'my super description'
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail with too many tags', function (done) {
+        const data = {
+          name: 'my super name',
+          description: 'my super description',
+          tags: [ 'tag1', 'tag2', 'tag3', 'tag4' ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail with not enough tags', function (done) {
+        const data = {
+          name: 'my super name',
+          description: 'my super description',
+          tags: [ ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail with a tag length too low', function (done) {
+        const data = {
+          name: 'my super name',
+          description: 'my super description',
+          tags: [ 'tag1', 't' ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail with a tag length too big', function (done) {
+        const data = {
+          name: 'my super name',
+          description: 'my super description',
+          tags: [ 'mysupertagtoolong', 'tag1' ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail with malformed tags', function (done) {
+        const data = {
+          name: 'my super name',
+          description: 'my super description',
+          tags: [ 'my tag' ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail without an input file', function (done) {
+        const data = {
+          name: 'my super name',
+          description: 'my super description',
+          tags: [ 'tag1', 'tag2' ]
+        }
+        const attach = {}
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail without an incorrect input file', function (done) {
+        const data = {
+          name: 'my super name',
+          description: 'my super description',
+          tags: [ 'tag1', 'tag2' ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short_fake.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should fail with a too big duration', function (done) {
+        const data = {
+          name: 'my super name',
+          description: 'my super description',
+          tags: [ 'tag1', 'tag2' ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_too_long.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done)
+      })
+
+      it('Should succeed with the correct parameters', function (done) {
+        const data = {
+          name: 'my super name',
+          description: 'my super description',
+          tags: [ 'tag1', 'tag2' ]
+        }
+        const attach = {
+          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
+        }
+        requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, function () {
+          attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.mp4')
+          requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, function () {
+            attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.ogv')
+            requestsUtils.makePostUploadRequest(server.url, path, server.accessToken, data, attach, done, 204)
+          }, false)
+        }, false)
+      })
+    })
+
+    describe('When getting a video', function () {
+      it('Should return the list of the videos with nothing', function (done) {
+        request(server.url)
+          .get(path)
+          .set('Accept', 'application/json')
+          .expect(200)
+          .expect('Content-Type', /json/)
+          .end(function (err, res) {
+            if (err) throw err
+
+            expect(res.body.data).to.be.an('array')
+            expect(res.body.data.length).to.equal(3)
+
+            done()
+          })
+      })
+
+      it('Should fail without a mongodb id', function (done) {
+        request(server.url)
+          .get(path + 'coucou')
+          .set('Accept', 'application/json')
+          .expect(400, done)
+      })
+
+      it('Should return 404 with an incorrect video', function (done) {
+        request(server.url)
+          .get(path + '123456789012345678901234')
+          .set('Accept', 'application/json')
+          .expect(404, done)
+      })
+
+      it('Should succeed with the correct parameters')
+    })
+
+    describe('When removing a video', function () {
+      it('Should have 404 with nothing', function (done) {
+        request(server.url)
+          .delete(path)
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(400, done)
+      })
+
+      it('Should fail without a mongodb id', function (done) {
+        request(server.url)
+          .delete(path + 'hello')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(400, done)
+      })
+
+      it('Should fail with a video which does not exist', function (done) {
+        request(server.url)
+          .delete(path + '123456789012345678901234')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(404, done)
+      })
+
+      it('Should fail with a video of another user')
+
+      it('Should fail with a video of another pod')
+
+      it('Should succeed with the correct parameters')
+    })
+  })
+
+  describe('Of the users API', function () {
+    const path = '/api/v1/users/'
+    let userId = null
+
+    describe('When listing users', function () {
+      it('Should fail with a bad start pagination', function (done) {
+        request(server.url)
+          .get(path)
+          .query({ start: 'hello' })
+          .set('Accept', 'application/json')
+          .expect(400, done)
+      })
+
+      it('Should fail with a bad count pagination', function (done) {
+        request(server.url)
+          .get(path)
+          .query({ count: 'hello' })
+          .set('Accept', 'application/json')
+          .expect(400, done)
+      })
+
+      it('Should fail with an incorrect sort', function (done) {
+        request(server.url)
+          .get(path)
+          .query({ sort: 'hello' })
+          .set('Accept', 'application/json')
+          .expect(400, done)
+      })
+    })
+
+    describe('When adding a new user', function () {
+      it('Should fail with a too small username', function (done) {
+        const data = {
+          username: 'ji',
+          password: 'mysuperpassword'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+      })
+
+      it('Should fail with a too long username', function (done) {
+        const data = {
+          username: 'mysuperusernamewhichisverylong',
+          password: 'mysuperpassword'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+      })
+
+      it('Should fail with an incorrect username', function (done) {
+        const data = {
+          username: 'my username',
+          password: 'mysuperpassword'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+      })
+
+      it('Should fail with a too small password', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'bla'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+      })
+
+      it('Should fail with a too long password', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'my super long password which is very very very very very very very very very very very very very very' +
+                    'very very very very very very very very very very very very very very very veryv very very very very' +
+                    'very very very very very very very very very very very very very very very very very very very very long'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+      })
+
+      it('Should fail with an non authenticated user', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'my super password'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, 'super token', data, done, 401)
+      })
+
+      it('Should fail if we add a user with the same username', function (done) {
+        const data = {
+          username: 'user1',
+          password: 'my super password'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
+      })
+
+      it('Should succeed with the correct params', function (done) {
+        const data = {
+          username: 'user2',
+          password: 'my super password'
+        }
+
+        requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
+      })
+
+      it('Should fail with a non admin user', function (done) {
+        server.user = {
+          username: 'user1',
+          password: 'password'
+        }
+
+        loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
+          if (err) throw err
+
+          userAccessToken = accessToken
+
+          const data = {
+            username: 'user3',
+            password: 'my super password'
+          }
+
+          requestsUtils.makePostBodyRequest(server.url, path, userAccessToken, data, done, 403)
+        })
+      })
+    })
+
+    describe('When updating a user', function () {
+      before(function (done) {
+        usersUtils.getUsersList(server.url, function (err, res) {
+          if (err) throw err
+
+          userId = res.body.data[1].id
+          done()
+        })
+      })
+
+      it('Should fail with a too small password', function (done) {
+        const data = {
+          password: 'bla'
+        }
+
+        requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
+      })
+
+      it('Should fail with a too long password', function (done) {
+        const data = {
+          password: 'my super long password which is very very very very very very very very very very very very very very' +
+                    'very very very very very very very very very very very very very very very veryv very very very very' +
+                    'very very very very very very very very very very very very very very very very very very very very long'
+        }
+
+        requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
+      })
+
+      it('Should fail with an non authenticated user', function (done) {
+        const data = {
+          password: 'my super password'
+        }
+
+        requestsUtils.makePutBodyRequest(server.url, path + userId, 'super token', data, done, 401)
+      })
+
+      it('Should succeed with the correct params', function (done) {
+        const data = {
+          password: 'my super password'
+        }
+
+        requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done, 204)
+      })
+    })
+
+    describe('When getting my information', function () {
+      it('Should fail with a non authenticated user', function (done) {
+        request(server.url)
+          .get(path + 'me')
+          .set('Authorization', 'Bearer faketoken')
+          .set('Accept', 'application/json')
+          .expect(401, done)
+      })
+
+      it('Should success with the correct parameters', function (done) {
+        request(server.url)
+          .get(path + 'me')
+          .set('Authorization', 'Bearer ' + userAccessToken)
+          .set('Accept', 'application/json')
+          .expect(200, done)
+      })
+    })
+
+    describe('When removing an user', function () {
+      it('Should fail with an incorrect id', function (done) {
+        request(server.url)
+          .delete(path + 'bla-bla')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(400, done)
+      })
+
+      it('Should return 404 with a non existing id', function (done) {
+        request(server.url)
+          .delete(path + '579f982228c99c221d8092b8')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(404, done)
+      })
+    })
+  })
+
+  describe('Of the remote videos API', function () {
+    describe('When making a secure request', function () {
+      it('Should check a secure request')
+    })
+
+    describe('When adding a video', function () {
+      it('Should check when adding a video')
+    })
+
+    describe('When removing a video', function () {
+      it('Should check when removing a video')
+    })
+  })
+
+  describe('Of the requests API', function () {
+    const path = '/api/v1/requests/stats'
+
+    it('Should fail with an non authenticated user', function (done) {
+      request(server.url)
+        .get(path)
+        .set('Accept', 'application/json')
+        .expect(401, done)
+    })
+
+    it('Should fail with a non admin user', function (done) {
+      request(server.url)
+        .get(path)
+        .set('Authorization', 'Bearer ' + userAccessToken)
+        .set('Accept', 'application/json')
+        .expect(403, done)
+    })
+  })
+
+  after(function (done) {
+    process.kill(-server.app.pid)
+
+    // Keep the logs if the test failed
+    if (this.ok) {
+      serversUtils.flushTests(done)
+    } else {
+      done()
+    }
+  })
+})
diff --git a/server/tests/api/checkParams.js b/server/tests/api/checkParams.js
deleted file mode 100644
index c1ba9c2c0..000000000
--- a/server/tests/api/checkParams.js
+++ /dev/null
@@ -1,456 +0,0 @@
-'use strict'
-
-const chai = require('chai')
-const expect = chai.expect
-const pathUtils = require('path')
-const request = require('supertest')
-const series = require('async/series')
-
-const utils = require('./utils')
-
-describe('Test parameters validator', function () {
-  let server = null
-
-  function makePostRequest (path, token, fields, attaches, done, fail) {
-    let statusCode = 400
-    if (fail !== undefined && fail === false) statusCode = 204
-
-    const req = request(server.url)
-      .post(path)
-      .set('Accept', 'application/json')
-
-    if (token) req.set('Authorization', 'Bearer ' + token)
-
-    Object.keys(fields).forEach(function (field) {
-      const value = fields[field]
-
-      if (Array.isArray(value)) {
-        for (let i = 0; i < value.length; i++) {
-          req.field(field + '[' + i + ']', value[i])
-        }
-      } else {
-        req.field(field, value)
-      }
-    })
-
-    Object.keys(attaches).forEach(function (attach) {
-      const value = attaches[attach]
-      req.attach(attach, value)
-    })
-
-    req.expect(statusCode, done)
-  }
-
-  function makePostBodyRequest (path, fields, done, fail) {
-    let statusCode = 400
-    if (fail !== undefined && fail === false) statusCode = 200
-
-    request(server.url)
-      .post(path)
-      .set('Accept', 'application/json')
-      .send(fields)
-      .expect(statusCode, done)
-  }
-
-  // ---------------------------------------------------------------
-
-  before(function (done) {
-    this.timeout(20000)
-
-    series([
-      function (next) {
-        utils.flushTests(next)
-      },
-      function (next) {
-        utils.runServer(1, function (server1) {
-          server = server1
-
-          next()
-        })
-      },
-      function (next) {
-        utils.loginAndGetAccessToken(server, function (err, token) {
-          if (err) throw err
-          server.accessToken = token
-
-          next()
-        })
-      }
-    ], done)
-  })
-
-  describe('Of the pods API', function () {
-    const path = '/api/v1/pods/'
-
-    describe('When adding a pod', function () {
-      it('Should fail with nothing', function (done) {
-        const data = {}
-        makePostBodyRequest(path, data, done)
-      })
-
-      it('Should fail without public key', function (done) {
-        const data = {
-          url: 'http://coucou.com'
-        }
-        makePostBodyRequest(path, data, done)
-      })
-
-      it('Should fail without an url', function (done) {
-        const data = {
-          publicKey: 'mysuperpublickey'
-        }
-        makePostBodyRequest(path, data, done)
-      })
-
-      it('Should fail with an incorrect url', function (done) {
-        const data = {
-          url: 'coucou.com',
-          publicKey: 'mysuperpublickey'
-        }
-        makePostBodyRequest(path, data, function () {
-          data.url = 'http://coucou'
-          makePostBodyRequest(path, data, function () {
-            data.url = 'coucou'
-            makePostBodyRequest(path, data, done)
-          })
-        })
-      })
-
-      it('Should succeed with the correct parameters', function (done) {
-        const data = {
-          url: 'http://coucou.com',
-          publicKey: 'mysuperpublickey'
-        }
-        makePostBodyRequest(path, data, done, false)
-      })
-    })
-  })
-
-  describe('Of the videos API', function () {
-    const path = '/api/v1/videos/'
-
-    describe('When listing a video', function () {
-      it('Should fail with a bad start pagination', function (done) {
-        request(server.url)
-          .get(path)
-          .query({ start: 'hello' })
-          .set('Accept', 'application/json')
-          .expect(400, done)
-      })
-
-      it('Should fail with a bad count pagination', function (done) {
-        request(server.url)
-          .get(path)
-          .query({ count: 'hello' })
-          .set('Accept', 'application/json')
-          .expect(400, done)
-      })
-
-      it('Should fail with an incorrect sort', function (done) {
-        request(server.url)
-          .get(path)
-          .query({ sort: 'hello' })
-          .set('Accept', 'application/json')
-          .expect(400, done)
-      })
-    })
-
-    describe('When searching a video', function () {
-      it('Should fail with nothing', function (done) {
-        request(server.url)
-          .get(pathUtils.join(path, 'search'))
-          .set('Accept', 'application/json')
-          .expect(400, done)
-      })
-
-      it('Should fail with a bad start pagination', function (done) {
-        request(server.url)
-          .get(pathUtils.join(path, 'search', 'test'))
-          .query({ start: 'hello' })
-          .set('Accept', 'application/json')
-          .expect(400, done)
-      })
-
-      it('Should fail with a bad count pagination', function (done) {
-        request(server.url)
-          .get(pathUtils.join(path, 'search', 'test'))
-          .query({ count: 'hello' })
-          .set('Accept', 'application/json')
-          .expect(400, done)
-      })
-
-      it('Should fail with an incorrect sort', function (done) {
-        request(server.url)
-          .get(pathUtils.join(path, 'search', 'test'))
-          .query({ sort: 'hello' })
-          .set('Accept', 'application/json')
-          .expect(400, done)
-      })
-    })
-
-    describe('When adding a video', function () {
-      it('Should fail with nothing', function (done) {
-        const data = {}
-        const attach = {}
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail without name', function (done) {
-        const data = {
-          description: 'my super description',
-          tags: [ 'tag1', 'tag2' ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail with a long name', function (done) {
-        const data = {
-          name: 'My very very very very very very very very very very very very very very very very long name',
-          description: 'my super description',
-          tags: [ 'tag1', 'tag2' ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail without description', function (done) {
-        const data = {
-          name: 'my super name',
-          tags: [ 'tag1', 'tag2' ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail with a long description', function (done) {
-        const data = {
-          name: 'my super name',
-          description: 'my super description which is very very very very very very very very very very very very very very' +
-                       'very very very very very very very very very very very very very very very very very very very very very' +
-                       'very very very very very very very very very very very very very very very long',
-          tags: [ 'tag1', 'tag2' ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail without tags', function (done) {
-        const data = {
-          name: 'my super name',
-          description: 'my super description'
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail with too many tags', function (done) {
-        const data = {
-          name: 'my super name',
-          description: 'my super description',
-          tags: [ 'tag1', 'tag2', 'tag3', 'tag4' ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail with not enough tags', function (done) {
-        const data = {
-          name: 'my super name',
-          description: 'my super description',
-          tags: [ ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail with a tag length too low', function (done) {
-        const data = {
-          name: 'my super name',
-          description: 'my super description',
-          tags: [ 'tag1', 't' ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail with a tag length too big', function (done) {
-        const data = {
-          name: 'my super name',
-          description: 'my super description',
-          tags: [ 'mysupertagtoolong', 'tag1' ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail with malformed tags', function (done) {
-        const data = {
-          name: 'my super name',
-          description: 'my super description',
-          tags: [ 'my tag' ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail without an input file', function (done) {
-        const data = {
-          name: 'my super name',
-          description: 'my super description',
-          tags: [ 'tag1', 'tag2' ]
-        }
-        const attach = {}
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail without an incorrect input file', function (done) {
-        const data = {
-          name: 'my super name',
-          description: 'my super description',
-          tags: [ 'tag1', 'tag2' ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short_fake.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should fail with a too big duration', function (done) {
-        const data = {
-          name: 'my super name',
-          description: 'my super description',
-          tags: [ 'tag1', 'tag2' ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_too_long.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, done)
-      })
-
-      it('Should succeed with the correct parameters', function (done) {
-        const data = {
-          name: 'my super name',
-          description: 'my super description',
-          tags: [ 'tag1', 'tag2' ]
-        }
-        const attach = {
-          'videofile': pathUtils.join(__dirname, 'fixtures', 'video_short.webm')
-        }
-        makePostRequest(path, server.accessToken, data, attach, function () {
-          attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.mp4')
-          makePostRequest(path, server.accessToken, data, attach, function () {
-            attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.ogv')
-            makePostRequest(path, server.accessToken, data, attach, done, false)
-          }, false)
-        }, false)
-      })
-    })
-
-    describe('When getting a video', function () {
-      it('Should return the list of the videos with nothing', function (done) {
-        request(server.url)
-          .get(path)
-          .set('Accept', 'application/json')
-          .expect(200)
-          .expect('Content-Type', /json/)
-          .end(function (err, res) {
-            if (err) throw err
-
-            expect(res.body.data).to.be.an('array')
-            expect(res.body.data.length).to.equal(3)
-
-            done()
-          })
-      })
-
-      it('Should fail without a mongodb id', function (done) {
-        request(server.url)
-          .get(path + 'coucou')
-          .set('Accept', 'application/json')
-          .expect(400, done)
-      })
-
-      it('Should return 404 with an incorrect video', function (done) {
-        request(server.url)
-          .get(path + '123456789012345678901234')
-          .set('Accept', 'application/json')
-          .expect(404, done)
-      })
-
-      it('Should succeed with the correct parameters')
-    })
-
-    describe('When removing a video', function () {
-      it('Should have 404 with nothing', function (done) {
-        request(server.url)
-          .delete(path)
-          .set('Authorization', 'Bearer ' + server.accessToken)
-          .expect(400, done)
-      })
-
-      it('Should fail without a mongodb id', function (done) {
-        request(server.url)
-          .delete(path + 'hello')
-          .set('Authorization', 'Bearer ' + server.accessToken)
-          .expect(400, done)
-      })
-
-      it('Should fail with a video which does not exist', function (done) {
-        request(server.url)
-          .delete(path + '123456789012345678901234')
-          .set('Authorization', 'Bearer ' + server.accessToken)
-          .expect(404, done)
-      })
-
-      it('Should fail with a video of another pod')
-
-      it('Should succeed with the correct parameters')
-    })
-  })
-
-  describe('Of the remote videos API', function () {
-    describe('When making a secure request', function () {
-      it('Should check a secure request')
-    })
-
-    describe('When adding a video', function () {
-      it('Should check when adding a video')
-    })
-
-    describe('When removing a video', function () {
-      it('Should check when removing a video')
-    })
-  })
-
-  after(function (done) {
-    process.kill(-server.app.pid)
-
-    // Keep the logs if the test failed
-    if (this.ok) {
-      utils.flushTests(done)
-    } else {
-      done()
-    }
-  })
-})
diff --git a/server/tests/api/friendsAdvanced.js b/server/tests/api/friends-advanced.js
index 603fbc16b..0d24481ef 100644
--- a/server/tests/api/friendsAdvanced.js
+++ b/server/tests/api/friends-advanced.js
@@ -5,24 +5,27 @@ const each = require('async/each')
 const expect = chai.expect
 const series = require('async/series')
 
-const utils = require('./utils')
+const loginUtils = require('../utils/login')
+const podsUtils = require('../utils/pods')
+const serversUtils = require('../utils/servers')
+const videosUtils = require('../utils/videos')
 
 describe('Test advanced friends', function () {
   let servers = []
 
   function makeFriends (podNumber, callback) {
     const server = servers[podNumber - 1]
-    return utils.makeFriends(server.url, server.accessToken, callback)
+    return podsUtils.makeFriends(server.url, server.accessToken, callback)
   }
 
   function quitFriends (podNumber, callback) {
     const server = servers[podNumber - 1]
-    return utils.quitFriends(server.url, server.accessToken, callback)
+    return podsUtils.quitFriends(server.url, server.accessToken, callback)
   }
 
   function getFriendsList (podNumber, end) {
     const server = servers[podNumber - 1]
-    return utils.getFriendsList(server.url, end)
+    return podsUtils.getFriendsList(server.url, end)
   }
 
   function uploadVideo (podNumber, callback) {
@@ -32,22 +35,22 @@ describe('Test advanced friends', function () {
     const fixture = 'video_short.webm'
     const server = servers[podNumber - 1]
 
-    return utils.uploadVideo(server.url, server.accessToken, name, description, tags, fixture, callback)
+    return videosUtils.uploadVideo(server.url, server.accessToken, name, description, tags, fixture, callback)
   }
 
   function getVideos (podNumber, callback) {
-    return utils.getVideosList(servers[podNumber - 1].url, callback)
+    return videosUtils.getVideosList(servers[podNumber - 1].url, callback)
   }
 
   // ---------------------------------------------------------------
 
   before(function (done) {
     this.timeout(30000)
-    utils.flushAndRunMultipleServers(6, function (serversRun, urlsRun) {
+    serversUtils.flushAndRunMultipleServers(6, function (serversRun, urlsRun) {
       servers = serversRun
 
       each(servers, function (server, callbackEach) {
-        utils.loginAndGetAccessToken(server, function (err, accessToken) {
+        loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
           if (err) return callbackEach(err)
 
           server.accessToken = accessToken
@@ -169,7 +172,7 @@ describe('Test advanced friends', function () {
       },
       // Rerun server 4
       function (next) {
-        utils.runServer(4, function (server) {
+        serversUtils.runServer(4, function (server) {
           servers[3].app = server.app
           next()
         })
@@ -273,7 +276,7 @@ describe('Test advanced friends', function () {
     })
 
     if (this.ok) {
-      utils.flushTests(done)
+      serversUtils.flushTests(done)
     } else {
       done()
     }
diff --git a/server/tests/api/friendsBasic.js b/server/tests/api/friends-basic.js
index c74a7f224..f1393b5ec 100644
--- a/server/tests/api/friendsBasic.js
+++ b/server/tests/api/friends-basic.js
@@ -5,14 +5,17 @@ const each = require('async/each')
 const expect = chai.expect
 const series = require('async/series')
 
-const utils = require('./utils')
+const loginUtils = require('../utils/login')
+const miscsUtils = require('../utils/miscs')
+const podsUtils = require('../utils/pods')
+const serversUtils = require('../utils/servers')
 
 describe('Test basic friends', function () {
   let servers = []
 
   function makeFriends (podNumber, callback) {
     const server = servers[podNumber - 1]
-    return utils.makeFriends(server.url, server.accessToken, callback)
+    return podsUtils.makeFriends(server.url, server.accessToken, callback)
   }
 
   function testMadeFriends (servers, serverToTest, callback) {
@@ -22,7 +25,7 @@ describe('Test basic friends', function () {
       friends.push(servers[i].url)
     }
 
-    utils.getFriendsList(serverToTest.url, function (err, res) {
+    podsUtils.getFriendsList(serverToTest.url, function (err, res) {
       if (err) throw err
 
       const result = res.body
@@ -43,11 +46,11 @@ describe('Test basic friends', function () {
 
   before(function (done) {
     this.timeout(20000)
-    utils.flushAndRunMultipleServers(3, function (serversRun, urlsRun) {
+    serversUtils.flushAndRunMultipleServers(3, function (serversRun, urlsRun) {
       servers = serversRun
 
       each(servers, function (server, callbackEach) {
-        utils.loginAndGetAccessToken(server, function (err, accessToken) {
+        loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
           if (err) return callbackEach(err)
 
           server.accessToken = accessToken
@@ -59,7 +62,7 @@ describe('Test basic friends', function () {
 
   it('Should not have friends', function (done) {
     each(servers, function (server, callback) {
-      utils.getFriendsList(server.url, function (err, res) {
+      podsUtils.getFriendsList(server.url, function (err, res) {
         if (err) throw err
 
         const result = res.body
@@ -71,7 +74,7 @@ describe('Test basic friends', function () {
   })
 
   it('Should make friends', function (done) {
-    this.timeout(10000)
+    this.timeout(40000)
 
     series([
       // The second pod make friend with the third
@@ -80,30 +83,38 @@ describe('Test basic friends', function () {
       },
       // Wait for the request between pods
       function (next) {
-        setTimeout(next, 1000)
+        setTimeout(next, 11000)
       },
       // The second pod should have the third as a friend
       function (next) {
-        utils.getFriendsList(servers[1].url, function (err, res) {
+        podsUtils.getFriendsList(servers[1].url, function (err, res) {
           if (err) throw err
 
           const result = res.body
           expect(result).to.be.an('array')
           expect(result.length).to.equal(1)
-          expect(result[0].url).to.be.equal(servers[2].url)
+
+          const pod = result[0]
+          expect(pod.url).to.equal(servers[2].url)
+          expect(pod.score).to.equal(20)
+          expect(miscsUtils.dateIsValid(pod.createdDate)).to.be.true
 
           next()
         })
       },
       // Same here, the third pod should have the second pod as a friend
       function (next) {
-        utils.getFriendsList(servers[2].url, function (err, res) {
+        podsUtils.getFriendsList(servers[2].url, function (err, res) {
           if (err) throw err
 
           const result = res.body
           expect(result).to.be.an('array')
           expect(result.length).to.equal(1)
-          expect(result[0].url).to.be.equal(servers[1].url)
+
+          const pod = result[0]
+          expect(pod.url).to.equal(servers[1].url)
+          expect(pod.score).to.equal(20)
+          expect(miscsUtils.dateIsValid(pod.createdDate)).to.be.true
 
           next()
         })
@@ -114,7 +125,7 @@ describe('Test basic friends', function () {
       },
       // Wait for the request between pods
       function (next) {
-        setTimeout(next, 1000)
+        setTimeout(next, 11000)
       }
     ],
     // Now each pod should be friend with the other ones
@@ -128,7 +139,7 @@ describe('Test basic friends', function () {
 
   it('Should not be allowed to make friend again', function (done) {
     const server = servers[1]
-    utils.makeFriends(server.url, server.accessToken, 409, done)
+    podsUtils.makeFriends(server.url, server.accessToken, 409, done)
   })
 
   it('Should quit friends of pod 2', function (done) {
@@ -136,11 +147,11 @@ describe('Test basic friends', function () {
       // Pod 1 quit friends
       function (next) {
         const server = servers[1]
-        utils.quitFriends(server.url, server.accessToken, next)
+        podsUtils.quitFriends(server.url, server.accessToken, next)
       },
       // Pod 1 should not have friends anymore
       function (next) {
-        utils.getFriendsList(servers[1].url, function (err, res) {
+        podsUtils.getFriendsList(servers[1].url, function (err, res) {
           if (err) throw err
 
           const result = res.body
@@ -153,7 +164,7 @@ describe('Test basic friends', function () {
       // Other pods shouldn't have pod 1 too
       function (next) {
         each([ servers[0].url, servers[2].url ], function (url, callback) {
-          utils.getFriendsList(url, function (err, res) {
+          podsUtils.getFriendsList(url, function (err, res) {
             if (err) throw err
 
             const result = res.body
@@ -168,11 +179,15 @@ describe('Test basic friends', function () {
   })
 
   it('Should allow pod 2 to make friend again', function (done) {
+    this.timeout(20000)
+
     const server = servers[1]
-    utils.makeFriends(server.url, server.accessToken, function () {
-      each(servers, function (server, callback) {
-        testMadeFriends(servers, server, callback)
-      }, done)
+    podsUtils.makeFriends(server.url, server.accessToken, function () {
+      setTimeout(function () {
+        each(servers, function (server, callback) {
+          testMadeFriends(servers, server, callback)
+        }, done)
+      }, 11000)
     })
   })
 
@@ -182,7 +197,7 @@ describe('Test basic friends', function () {
     })
 
     if (this.ok) {
-      utils.flushTests(done)
+      serversUtils.flushTests(done)
     } else {
       done()
     }
diff --git a/server/tests/api/index.js b/server/tests/api/index.js
index 61c9a7aca..11f49e1e2 100644
--- a/server/tests/api/index.js
+++ b/server/tests/api/index.js
@@ -1,9 +1,9 @@
 'use strict'
 
 // Order of the tests we want to execute
-require('./checkParams')
-require('./friendsBasic')
+require('./check-params')
+require('./friends-basic')
 require('./users')
-require('./singlePod')
-require('./multiplePods')
-require('./friendsAdvanced')
+require('./single-pod')
+require('./multiple-pods')
+require('./friends-advanced')
diff --git a/server/tests/api/multiplePods.js b/server/tests/api/multiple-pods.js
index ac140f6bb..b86f88c22 100644
--- a/server/tests/api/multiplePods.js
+++ b/server/tests/api/multiple-pods.js
@@ -6,7 +6,11 @@ const expect = chai.expect
 const pathUtils = require('path')
 const series = require('async/series')
 
-const utils = require('./utils')
+const loginUtils = require('../utils/login')
+const miscsUtils = require('../utils/miscs')
+const podsUtils = require('../utils/pods')
+const serversUtils = require('../utils/servers')
+const videosUtils = require('../utils/videos')
 const webtorrent = require(pathUtils.join(__dirname, '../../lib/webtorrent'))
 webtorrent.silent = true
 
@@ -20,7 +24,7 @@ describe('Test multiple pods', function () {
     series([
       // Run servers
       function (next) {
-        utils.flushAndRunMultipleServers(3, function (serversRun) {
+        serversUtils.flushAndRunMultipleServers(3, function (serversRun) {
           servers = serversRun
           next()
         })
@@ -28,7 +32,7 @@ describe('Test multiple pods', function () {
       // Get the access tokens
       function (next) {
         each(servers, function (server, callbackEach) {
-          utils.loginAndGetAccessToken(server, function (err, accessToken) {
+          loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
             if (err) return callbackEach(err)
 
             server.accessToken = accessToken
@@ -39,7 +43,7 @@ describe('Test multiple pods', function () {
       // The second pod make friend with the third
       function (next) {
         const server = servers[1]
-        utils.makeFriends(server.url, server.accessToken, next)
+        podsUtils.makeFriends(server.url, server.accessToken, next)
       },
       // Wait for the request between pods
       function (next) {
@@ -48,7 +52,7 @@ describe('Test multiple pods', function () {
       // Pod 1 make friends too
       function (next) {
         const server = servers[0]
-        utils.makeFriends(server.url, server.accessToken, next)
+        podsUtils.makeFriends(server.url, server.accessToken, next)
       },
       function (next) {
         webtorrent.create({ host: 'client', port: '1' }, next)
@@ -58,7 +62,7 @@ describe('Test multiple pods', function () {
 
   it('Should not have videos for all pods', function (done) {
     each(servers, function (server, callback) {
-      utils.getVideosList(server.url, function (err, res) {
+      videosUtils.getVideosList(server.url, function (err, res) {
         if (err) throw err
 
         const videos = res.body.data
@@ -80,7 +84,7 @@ describe('Test multiple pods', function () {
           const description = 'my super description for pod 1'
           const tags = [ 'tag1p1', 'tag2p1' ]
           const file = 'video_short1.webm'
-          utils.uploadVideo(servers[0].url, servers[0].accessToken, name, description, tags, file, next)
+          videosUtils.uploadVideo(servers[0].url, servers[0].accessToken, name, description, tags, file, next)
         },
         function (next) {
           setTimeout(next, 11000)
@@ -92,7 +96,7 @@ describe('Test multiple pods', function () {
           each(servers, function (server, callback) {
             let baseMagnet = null
 
-            utils.getVideosList(server.url, function (err, res) {
+            videosUtils.getVideosList(server.url, function (err, res) {
               if (err) throw err
 
               const videos = res.body.data
@@ -105,7 +109,7 @@ describe('Test multiple pods', function () {
               expect(video.magnetUri).to.exist
               expect(video.duration).to.equal(10)
               expect(video.tags).to.deep.equal([ 'tag1p1', 'tag2p1' ])
-              expect(utils.dateIsValid(video.createdDate)).to.be.true
+              expect(miscsUtils.dateIsValid(video.createdDate)).to.be.true
               expect(video.author).to.equal('root')
 
               if (server.url !== 'http://localhost:9001') {
@@ -121,7 +125,7 @@ describe('Test multiple pods', function () {
                 expect(video.magnetUri).to.equal.magnetUri
               }
 
-              utils.testImage(server.url, 'video_short1.webm', video.thumbnailPath, function (err, test) {
+              videosUtils.testVideoImage(server.url, 'video_short1.webm', video.thumbnailPath, function (err, test) {
                 if (err) throw err
                 expect(test).to.equal(true)
 
@@ -142,7 +146,7 @@ describe('Test multiple pods', function () {
           const description = 'my super description for pod 2'
           const tags = [ 'tag1p2', 'tag2p2', 'tag3p2' ]
           const file = 'video_short2.webm'
-          utils.uploadVideo(servers[1].url, servers[1].accessToken, name, description, tags, file, next)
+          videosUtils.uploadVideo(servers[1].url, servers[1].accessToken, name, description, tags, file, next)
         },
         function (next) {
           setTimeout(next, 11000)
@@ -154,7 +158,7 @@ describe('Test multiple pods', function () {
           each(servers, function (server, callback) {
             let baseMagnet = null
 
-            utils.getVideosList(server.url, function (err, res) {
+            videosUtils.getVideosList(server.url, function (err, res) {
               if (err) throw err
 
               const videos = res.body.data
@@ -167,7 +171,7 @@ describe('Test multiple pods', function () {
               expect(video.magnetUri).to.exist
               expect(video.duration).to.equal(5)
               expect(video.tags).to.deep.equal([ 'tag1p2', 'tag2p2', 'tag3p2' ])
-              expect(utils.dateIsValid(video.createdDate)).to.be.true
+              expect(miscsUtils.dateIsValid(video.createdDate)).to.be.true
               expect(video.author).to.equal('root')
 
               if (server.url !== 'http://localhost:9002') {
@@ -183,7 +187,7 @@ describe('Test multiple pods', function () {
                 expect(video.magnetUri).to.equal.magnetUri
               }
 
-              utils.testImage(server.url, 'video_short2.webm', video.thumbnailPath, function (err, test) {
+              videosUtils.testVideoImage(server.url, 'video_short2.webm', video.thumbnailPath, function (err, test) {
                 if (err) throw err
                 expect(test).to.equal(true)
 
@@ -204,14 +208,14 @@ describe('Test multiple pods', function () {
           const description = 'my super description for pod 3'
           const tags = [ 'tag1p3' ]
           const file = 'video_short3.webm'
-          utils.uploadVideo(servers[2].url, servers[2].accessToken, name, description, tags, file, next)
+          videosUtils.uploadVideo(servers[2].url, servers[2].accessToken, name, description, tags, file, next)
         },
         function (next) {
           const name = 'my super name for pod 3-2'
           const description = 'my super description for pod 3-2'
           const tags = [ 'tag2p3', 'tag3p3', 'tag4p3' ]
           const file = 'video_short.webm'
-          utils.uploadVideo(servers[2].url, servers[2].accessToken, name, description, tags, file, next)
+          videosUtils.uploadVideo(servers[2].url, servers[2].accessToken, name, description, tags, file, next)
         },
         function (next) {
           setTimeout(next, 22000)
@@ -222,7 +226,7 @@ describe('Test multiple pods', function () {
           let baseMagnet = null
           // All pods should have this video
           each(servers, function (server, callback) {
-            utils.getVideosList(server.url, function (err, res) {
+            videosUtils.getVideosList(server.url, function (err, res) {
               if (err) throw err
 
               const videos = res.body.data
@@ -247,7 +251,7 @@ describe('Test multiple pods', function () {
               expect(video1.duration).to.equal(5)
               expect(video1.tags).to.deep.equal([ 'tag1p3' ])
               expect(video1.author).to.equal('root')
-              expect(utils.dateIsValid(video1.createdDate)).to.be.true
+              expect(miscsUtils.dateIsValid(video1.createdDate)).to.be.true
 
               expect(video2.name).to.equal('my super name for pod 3-2')
               expect(video2.description).to.equal('my super description for pod 3-2')
@@ -256,7 +260,7 @@ describe('Test multiple pods', function () {
               expect(video2.duration).to.equal(5)
               expect(video2.tags).to.deep.equal([ 'tag2p3', 'tag3p3', 'tag4p3' ])
               expect(video2.author).to.equal('root')
-              expect(utils.dateIsValid(video2.createdDate)).to.be.true
+              expect(miscsUtils.dateIsValid(video2.createdDate)).to.be.true
 
               if (server.url !== 'http://localhost:9003') {
                 expect(video1.isLocal).to.be.false
@@ -273,11 +277,11 @@ describe('Test multiple pods', function () {
                 expect(video2.magnetUri).to.equal.magnetUri
               }
 
-              utils.testImage(server.url, 'video_short3.webm', video1.thumbnailPath, function (err, test) {
+              videosUtils.testVideoImage(server.url, 'video_short3.webm', video1.thumbnailPath, function (err, test) {
                 if (err) throw err
                 expect(test).to.equal(true)
 
-                utils.testImage(server.url, 'video_short.webm', video2.thumbnailPath, function (err, test) {
+                videosUtils.testVideoImage(server.url, 'video_short.webm', video2.thumbnailPath, function (err, test) {
                   if (err) throw err
                   expect(test).to.equal(true)
 
@@ -296,7 +300,7 @@ describe('Test multiple pods', function () {
       // Yes, this could be long
       this.timeout(200000)
 
-      utils.getVideosList(servers[2].url, function (err, res) {
+      videosUtils.getVideosList(servers[2].url, function (err, res) {
         if (err) throw err
 
         const video = res.body.data[0]
@@ -317,7 +321,7 @@ describe('Test multiple pods', function () {
       // Yes, this could be long
       this.timeout(200000)
 
-      utils.getVideosList(servers[0].url, function (err, res) {
+      videosUtils.getVideosList(servers[0].url, function (err, res) {
         if (err) throw err
 
         const video = res.body.data[1]
@@ -336,7 +340,7 @@ describe('Test multiple pods', function () {
       // Yes, this could be long
       this.timeout(200000)
 
-      utils.getVideosList(servers[1].url, function (err, res) {
+      videosUtils.getVideosList(servers[1].url, function (err, res) {
         if (err) throw err
 
         const video = res.body.data[2]
@@ -355,7 +359,7 @@ describe('Test multiple pods', function () {
       // Yes, this could be long
       this.timeout(200000)
 
-      utils.getVideosList(servers[0].url, function (err, res) {
+      videosUtils.getVideosList(servers[0].url, function (err, res) {
         if (err) throw err
 
         const video = res.body.data[3]
@@ -375,10 +379,10 @@ describe('Test multiple pods', function () {
 
       series([
         function (next) {
-          utils.removeVideo(servers[2].url, servers[2].accessToken, toRemove[0], next)
+          videosUtils.removeVideo(servers[2].url, servers[2].accessToken, toRemove[0], next)
         },
         function (next) {
-          utils.removeVideo(servers[2].url, servers[2].accessToken, toRemove[1], next)
+          videosUtils.removeVideo(servers[2].url, servers[2].accessToken, toRemove[1], next)
         }],
         function (err) {
           if (err) throw err
@@ -389,7 +393,7 @@ describe('Test multiple pods', function () {
 
     it('Should have videos 1 and 3 on each pod', function (done) {
       each(servers, function (server, callback) {
-        utils.getVideosList(server.url, function (err, res) {
+        videosUtils.getVideosList(server.url, function (err, res) {
           if (err) throw err
 
           const videos = res.body.data
@@ -415,7 +419,7 @@ describe('Test multiple pods', function () {
 
     // Keep the logs if the test failed
     if (this.ok) {
-      utils.flushTests(done)
+      serversUtils.flushTests(done)
     } else {
       done()
     }
diff --git a/server/tests/api/requests.js b/server/tests/api/requests.js
new file mode 100644
index 000000000..af36f6e34
--- /dev/null
+++ b/server/tests/api/requests.js
@@ -0,0 +1,128 @@
+'use strict'
+
+const chai = require('chai')
+const each = require('async/each')
+const expect = chai.expect
+const request = require('supertest')
+
+const loginUtils = require('../utils/login')
+const podsUtils = require('../utils/pods')
+const serversUtils = require('../utils/servers')
+const videosUtils = require('../utils/videos')
+
+describe('Test requests stats', function () {
+  const path = '/api/v1/requests/stats'
+  let servers = []
+
+  function uploadVideo (server, callback) {
+    const name = 'my super video'
+    const description = 'my super description'
+    const tags = [ 'tag1', 'tag2' ]
+    const fixture = 'video_short.webm'
+
+    videosUtils.uploadVideo(server.url, server.accessToken, name, description, tags, fixture, callback)
+  }
+
+  function getRequestsStats (server, callback) {
+    request(server.url)
+      .get(path)
+      .set('Accept', 'application/json')
+      .set('Authorization', 'Bearer ' + server.accessToken)
+      .expect(200)
+      .end(callback)
+  }
+
+  // ---------------------------------------------------------------
+
+  before(function (done) {
+    this.timeout(20000)
+    serversUtils.flushAndRunMultipleServers(2, function (serversRun, urlsRun) {
+      servers = serversRun
+
+      each(servers, function (server, callbackEach) {
+        loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
+          if (err) return callbackEach(err)
+
+          server.accessToken = accessToken
+          callbackEach()
+        })
+      }, function (err) {
+        if (err) throw err
+
+        const server1 = servers[0]
+        podsUtils.makeFriends(server1.url, server1.accessToken, done)
+      })
+    })
+  })
+
+  it('Should have a correct timer', function (done) {
+    const server = servers[0]
+
+    getRequestsStats(server, function (err, res) {
+      if (err) throw err
+
+      const body = res.body
+      expect(body.remainingMilliSeconds).to.be.at.least(0)
+      expect(body.remainingMilliSeconds).to.be.at.most(10000)
+
+      done()
+    })
+  })
+
+  it('Should have the correct request', function (done) {
+    this.timeout(15000)
+
+    const server = servers[0]
+    // Ensure the requests of pod 1 won't be made
+    servers[1].app.kill()
+
+    uploadVideo(server, function (err) {
+      if (err) throw err
+
+      getRequestsStats(server, function (err, res) {
+        if (err) throw err
+
+        const body = res.body
+        expect(body.requests).to.have.lengthOf(1)
+
+        const request = body.requests[0]
+        expect(request.to).to.have.lengthOf(1)
+        expect(request.request.type).to.equal('add')
+
+        // Wait one cycle
+        setTimeout(done, 10000)
+      })
+    })
+  })
+
+  it('Should have the correct requests', function (done) {
+    const server = servers[0]
+
+    uploadVideo(server, function (err) {
+      if (err) throw err
+
+      getRequestsStats(server, function (err, res) {
+        if (err) throw err
+
+        const body = res.body
+        expect(body.requests).to.have.lengthOf(2)
+
+        const request = body.requests[1]
+        expect(request.to).to.have.lengthOf(1)
+        expect(request.request.type).to.equal('add')
+
+        done()
+      })
+    })
+  })
+
+  after(function (done) {
+    process.kill(-servers[0].app.pid)
+
+    if (this.ok) {
+      serversUtils.flushTests(done)
+    } else {
+      done()
+    }
+  })
+})
diff --git a/server/tests/api/singlePod.js b/server/tests/api/single-pod.js
index 6ed719f87..bdaaee46c 100644
--- a/server/tests/api/singlePod.js
+++ b/server/tests/api/single-pod.js
@@ -8,11 +8,13 @@ const keyBy = require('lodash/keyBy')
 const pathUtils = require('path')
 const series = require('async/series')
 
+const loginUtils = require('../utils/login')
+const miscsUtils = require('../utils/miscs')
+const serversUtils = require('../utils/servers')
+const videosUtils = require('../utils/videos')
 const webtorrent = require(pathUtils.join(__dirname, '../../lib/webtorrent'))
 webtorrent.silent = true
 
-const utils = require('./utils')
-
 describe('Test a single pod', function () {
   let server = null
   let videoId = -1
@@ -23,16 +25,16 @@ describe('Test a single pod', function () {
 
     series([
       function (next) {
-        utils.flushTests(next)
+        serversUtils.flushTests(next)
       },
       function (next) {
-        utils.runServer(1, function (server1) {
+        serversUtils.runServer(1, function (server1) {
           server = server1
           next()
         })
       },
       function (next) {
-        utils.loginAndGetAccessToken(server, function (err, token) {
+        loginUtils.loginAndGetAccessToken(server, function (err, token) {
           if (err) throw err
           server.accessToken = token
           next()
@@ -45,7 +47,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should not have videos', function (done) {
-    utils.getVideosList(server.url, function (err, res) {
+    videosUtils.getVideosList(server.url, function (err, res) {
       if (err) throw err
 
       expect(res.body.total).to.equal(0)
@@ -62,14 +64,14 @@ describe('Test a single pod', function () {
     const description = 'my super description'
     const tags = [ 'tag1', 'tag2', 'tag3' ]
     const file = 'video_short.webm'
-    utils.uploadVideo(server.url, server.accessToken, name, description, tags, file, done)
+    videosUtils.uploadVideo(server.url, server.accessToken, name, description, tags, file, done)
   })
 
   it('Should seed the uploaded video', function (done) {
     // Yes, this could be long
     this.timeout(60000)
 
-    utils.getVideosList(server.url, function (err, res) {
+    videosUtils.getVideosList(server.url, function (err, res) {
       if (err) throw err
 
       expect(res.body.total).to.equal(1)
@@ -84,9 +86,9 @@ describe('Test a single pod', function () {
       expect(video.author).to.equal('root')
       expect(video.isLocal).to.be.true
       expect(video.tags).to.deep.equal([ 'tag1', 'tag2', 'tag3' ])
-      expect(utils.dateIsValid(video.createdDate)).to.be.true
+      expect(miscsUtils.dateIsValid(video.createdDate)).to.be.true
 
-      utils.testImage(server.url, 'video_short.webm', video.thumbnailPath, function (err, test) {
+      videosUtils.testVideoImage(server.url, 'video_short.webm', video.thumbnailPath, function (err, test) {
         if (err) throw err
         expect(test).to.equal(true)
 
@@ -97,8 +99,7 @@ describe('Test a single pod', function () {
           expect(torrent.files.length).to.equal(1)
           expect(torrent.files[0].path).to.exist.and.to.not.equal('')
 
-          // We remove it because we'll add it again
-          webtorrent.remove(video.magnetUri, done)
+          done()
         })
       })
     })
@@ -108,7 +109,7 @@ describe('Test a single pod', function () {
     // Yes, this could be long
     this.timeout(60000)
 
-    utils.getVideo(server.url, videoId, function (err, res) {
+    videosUtils.getVideo(server.url, videoId, function (err, res) {
       if (err) throw err
 
       const video = res.body
@@ -119,25 +120,19 @@ describe('Test a single pod', function () {
       expect(video.author).to.equal('root')
       expect(video.isLocal).to.be.true
       expect(video.tags).to.deep.equal([ 'tag1', 'tag2', 'tag3' ])
-      expect(utils.dateIsValid(video.createdDate)).to.be.true
+      expect(miscsUtils.dateIsValid(video.createdDate)).to.be.true
 
-      utils.testImage(server.url, 'video_short.webm', video.thumbnailPath, function (err, test) {
+      videosUtils.testVideoImage(server.url, 'video_short.webm', video.thumbnailPath, function (err, test) {
         if (err) throw err
         expect(test).to.equal(true)
 
-        webtorrent.add(video.magnetUri, function (torrent) {
-          expect(torrent.files).to.exist
-          expect(torrent.files.length).to.equal(1)
-          expect(torrent.files[0].path).to.exist.and.to.not.equal('')
-
-          done()
-        })
+        done()
       })
     })
   })
 
   it('Should search the video by name by default', function (done) {
-    utils.searchVideo(server.url, 'my', function (err, res) {
+    videosUtils.searchVideo(server.url, 'my', function (err, res) {
       if (err) throw err
 
       expect(res.body.total).to.equal(1)
@@ -151,9 +146,9 @@ describe('Test a single pod', function () {
       expect(video.author).to.equal('root')
       expect(video.isLocal).to.be.true
       expect(video.tags).to.deep.equal([ 'tag1', 'tag2', 'tag3' ])
-      expect(utils.dateIsValid(video.createdDate)).to.be.true
+      expect(miscsUtils.dateIsValid(video.createdDate)).to.be.true
 
-      utils.testImage(server.url, 'video_short.webm', video.thumbnailPath, function (err, test) {
+      videosUtils.testVideoImage(server.url, 'video_short.webm', video.thumbnailPath, function (err, test) {
         if (err) throw err
         expect(test).to.equal(true)
 
@@ -163,7 +158,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should search the video by podUrl', function (done) {
-    utils.searchVideo(server.url, '9001', 'podUrl', function (err, res) {
+    videosUtils.searchVideo(server.url, '9001', 'podUrl', function (err, res) {
       if (err) throw err
 
       expect(res.body.total).to.equal(1)
@@ -177,9 +172,9 @@ describe('Test a single pod', function () {
       expect(video.author).to.equal('root')
       expect(video.isLocal).to.be.true
       expect(video.tags).to.deep.equal([ 'tag1', 'tag2', 'tag3' ])
-      expect(utils.dateIsValid(video.createdDate)).to.be.true
+      expect(miscsUtils.dateIsValid(video.createdDate)).to.be.true
 
-      utils.testImage(server.url, 'video_short.webm', video.thumbnailPath, function (err, test) {
+      videosUtils.testVideoImage(server.url, 'video_short.webm', video.thumbnailPath, function (err, test) {
         if (err) throw err
         expect(test).to.equal(true)
 
@@ -189,7 +184,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should search the video by tag', function (done) {
-    utils.searchVideo(server.url, 'tag1', 'tags', function (err, res) {
+    videosUtils.searchVideo(server.url, 'tag1', 'tags', function (err, res) {
       if (err) throw err
 
       expect(res.body.total).to.equal(1)
@@ -203,9 +198,9 @@ describe('Test a single pod', function () {
       expect(video.author).to.equal('root')
       expect(video.isLocal).to.be.true
       expect(video.tags).to.deep.equal([ 'tag1', 'tag2', 'tag3' ])
-      expect(utils.dateIsValid(video.createdDate)).to.be.true
+      expect(miscsUtils.dateIsValid(video.createdDate)).to.be.true
 
-      utils.testImage(server.url, 'video_short.webm', video.thumbnailPath, function (err, test) {
+      videosUtils.testVideoImage(server.url, 'video_short.webm', video.thumbnailPath, function (err, test) {
         if (err) throw err
         expect(test).to.equal(true)
 
@@ -215,7 +210,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should not find a search by name by default', function (done) {
-    utils.searchVideo(server.url, 'hello', function (err, res) {
+    videosUtils.searchVideo(server.url, 'hello', function (err, res) {
       if (err) throw err
 
       expect(res.body.total).to.equal(0)
@@ -227,7 +222,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should not find a search by author', function (done) {
-    utils.searchVideo(server.url, 'hello', 'author', function (err, res) {
+    videosUtils.searchVideo(server.url, 'hello', 'author', function (err, res) {
       if (err) throw err
 
       expect(res.body.total).to.equal(0)
@@ -239,7 +234,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should not find a search by tag', function (done) {
-    utils.searchVideo(server.url, 'tag', 'tags', function (err, res) {
+    videosUtils.searchVideo(server.url, 'tag', 'tags', function (err, res) {
       if (err) throw err
 
       expect(res.body.total).to.equal(0)
@@ -251,7 +246,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should remove the video', function (done) {
-    utils.removeVideo(server.url, server.accessToken, videoId, function (err) {
+    videosUtils.removeVideo(server.url, server.accessToken, videoId, function (err) {
       if (err) throw err
 
       fs.readdir(pathUtils.join(__dirname, '../../../test1/uploads/'), function (err, files) {
@@ -264,7 +259,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should not have videos', function (done) {
-    utils.getVideosList(server.url, function (err, res) {
+    videosUtils.getVideosList(server.url, function (err, res) {
       if (err) throw err
 
       expect(res.body.total).to.equal(0)
@@ -286,12 +281,12 @@ describe('Test a single pod', function () {
       const description = video + ' description'
       const tags = [ 'tag1', 'tag2', 'tag3' ]
 
-      utils.uploadVideo(server.url, server.accessToken, name, description, tags, video, callbackEach)
+      videosUtils.uploadVideo(server.url, server.accessToken, name, description, tags, video, callbackEach)
     }, done)
   })
 
   it('Should have the correct durations', function (done) {
-    utils.getVideosList(server.url, function (err, res) {
+    videosUtils.getVideosList(server.url, function (err, res) {
       if (err) throw err
 
       expect(res.body.total).to.equal(6)
@@ -312,7 +307,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should have the correct thumbnails', function (done) {
-    utils.getVideosList(server.url, function (err, res) {
+    videosUtils.getVideosList(server.url, function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -323,7 +318,7 @@ describe('Test a single pod', function () {
         if (err) throw err
         const videoName = video.name.replace(' name', '')
 
-        utils.testImage(server.url, videoName, video.thumbnailPath, function (err, test) {
+        videosUtils.testVideoImage(server.url, videoName, video.thumbnailPath, function (err, test) {
           if (err) throw err
 
           expect(test).to.equal(true)
@@ -334,7 +329,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should list only the two first videos', function (done) {
-    utils.getVideosListPagination(server.url, 0, 2, function (err, res) {
+    videosUtils.getVideosListPagination(server.url, 0, 2, function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -348,7 +343,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should list only the next three videos', function (done) {
-    utils.getVideosListPagination(server.url, 2, 3, function (err, res) {
+    videosUtils.getVideosListPagination(server.url, 2, 3, function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -363,7 +358,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should list the last video', function (done) {
-    utils.getVideosListPagination(server.url, 5, 6, function (err, res) {
+    videosUtils.getVideosListPagination(server.url, 5, 6, function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -376,7 +371,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should search the first video', function (done) {
-    utils.searchVideoWithPagination(server.url, 'webm', 'name', 0, 1, function (err, res) {
+    videosUtils.searchVideoWithPagination(server.url, 'webm', 'name', 0, 1, function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -389,7 +384,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should search the last two videos', function (done) {
-    utils.searchVideoWithPagination(server.url, 'webm', 'name', 2, 2, function (err, res) {
+    videosUtils.searchVideoWithPagination(server.url, 'webm', 'name', 2, 2, function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -403,7 +398,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should search all the webm videos', function (done) {
-    utils.searchVideoWithPagination(server.url, 'webm', 'name', 0, 15, function (err, res) {
+    videosUtils.searchVideoWithPagination(server.url, 'webm', 'name', 0, 15, function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -415,7 +410,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should search all the root author videos', function (done) {
-    utils.searchVideoWithPagination(server.url, 'root', 'author', 0, 15, function (err, res) {
+    videosUtils.searchVideoWithPagination(server.url, 'root', 'author', 0, 15, function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -427,7 +422,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should search all the 9001 port videos', function (done) {
-    utils.searchVideoWithPagination(server.url, '9001', 'podUrl', 0, 15, function (err, res) {
+    videosUtils.searchVideoWithPagination(server.url, '9001', 'podUrl', 0, 15, function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -439,7 +434,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should search all the localhost videos', function (done) {
-    utils.searchVideoWithPagination(server.url, 'localhost', 'podUrl', 0, 15, function (err, res) {
+    videosUtils.searchVideoWithPagination(server.url, 'localhost', 'podUrl', 0, 15, function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -452,7 +447,7 @@ describe('Test a single pod', function () {
 
   it('Should search the good magnetUri video', function (done) {
     const video = videosListBase[0]
-    utils.searchVideoWithPagination(server.url, encodeURIComponent(video.magnetUri), 'magnetUri', 0, 15, function (err, res) {
+    videosUtils.searchVideoWithPagination(server.url, encodeURIComponent(video.magnetUri), 'magnetUri', 0, 15, function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -465,7 +460,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should list and sort by name in descending order', function (done) {
-    utils.getVideosListSort(server.url, '-name', function (err, res) {
+    videosUtils.getVideosListSort(server.url, '-name', function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -483,7 +478,7 @@ describe('Test a single pod', function () {
   })
 
   it('Should search and sort by name in ascending order', function (done) {
-    utils.searchVideoWithSort(server.url, 'webm', 'name', function (err, res) {
+    videosUtils.searchVideoWithSort(server.url, 'webm', 'name', function (err, res) {
       if (err) throw err
 
       const videos = res.body.data
@@ -505,7 +500,7 @@ describe('Test a single pod', function () {
 
     // Keep the logs if the test failed
     if (this.ok) {
-      utils.flushTests(done)
+      serversUtils.flushTests(done)
     } else {
       done()
     }
diff --git a/server/tests/api/users.js b/server/tests/api/users.js
index 68ba9de33..c6c892bf2 100644
--- a/server/tests/api/users.js
+++ b/server/tests/api/users.js
@@ -5,25 +5,30 @@ const expect = chai.expect
 const pathUtils = require('path')
 const series = require('async/series')
 
+const loginUtils = require('../utils/login')
+const podsUtils = require('../utils/pods')
+const serversUtils = require('../utils/servers')
+const usersUtils = require('../utils/users')
+const videosUtils = require('../utils/videos')
 const webtorrent = require(pathUtils.join(__dirname, '../../lib/webtorrent'))
 webtorrent.silent = true
 
-const utils = require('./utils')
-
 describe('Test users', function () {
   let server = null
   let accessToken = null
-  let videoId
+  let accessTokenUser = null
+  let videoId = null
+  let userId = null
 
   before(function (done) {
     this.timeout(20000)
 
     series([
       function (next) {
-        utils.flushTests(next)
+        serversUtils.flushTests(next)
       },
       function (next) {
-        utils.runServer(1, function (server1) {
+        serversUtils.runServer(1, function (server1) {
           server = server1
           next()
         })
@@ -39,7 +44,7 @@ describe('Test users', function () {
 
   it('Should not login with an invalid client id', function (done) {
     const client = { id: 'client', password: server.client.secret }
-    utils.login(server.url, client, server.user, 400, function (err, res) {
+    loginUtils.login(server.url, client, server.user, 400, function (err, res) {
       if (err) throw err
 
       expect(res.body.error).to.equal('invalid_client')
@@ -49,7 +54,7 @@ describe('Test users', function () {
 
   it('Should not login with an invalid client password', function (done) {
     const client = { id: server.client.id, password: 'coucou' }
-    utils.login(server.url, client, server.user, 400, function (err, res) {
+    loginUtils.login(server.url, client, server.user, 400, function (err, res) {
       if (err) throw err
 
       expect(res.body.error).to.equal('invalid_client')
@@ -59,7 +64,7 @@ describe('Test users', function () {
 
   it('Should not login with an invalid username', function (done) {
     const user = { username: 'captain crochet', password: server.user.password }
-    utils.login(server.url, server.client, user, 400, function (err, res) {
+    loginUtils.login(server.url, server.client, user, 400, function (err, res) {
       if (err) throw err
 
       expect(res.body.error).to.equal('invalid_grant')
@@ -69,7 +74,7 @@ describe('Test users', function () {
 
   it('Should not login with an invalid password', function (done) {
     const user = { username: server.user.username, password: 'mewthree' }
-    utils.login(server.url, server.client, user, 400, function (err, res) {
+    loginUtils.login(server.url, server.client, user, 400, function (err, res) {
       if (err) throw err
 
       expect(res.body.error).to.equal('invalid_grant')
@@ -84,21 +89,21 @@ describe('Test users', function () {
     const description = 'my super description'
     const tags = [ 'tag1', 'tag2' ]
     const video = 'video_short.webm'
-    utils.uploadVideo(server.url, accessToken, name, description, tags, video, 401, done)
+    videosUtils.uploadVideo(server.url, accessToken, name, description, tags, video, 401, done)
   })
 
   it('Should not be able to make friends', function (done) {
     accessToken = 'mysupertoken'
-    utils.makeFriends(server.url, accessToken, 401, done)
+    podsUtils.makeFriends(server.url, accessToken, 401, done)
   })
 
   it('Should not be able to quit friends', function (done) {
     accessToken = 'mysupertoken'
-    utils.quitFriends(server.url, accessToken, 401, done)
+    podsUtils.quitFriends(server.url, accessToken, 401, done)
   })
 
   it('Should be able to login', function (done) {
-    utils.login(server.url, server.client, server.user, 200, function (err, res) {
+    loginUtils.login(server.url, server.client, server.user, 200, function (err, res) {
       if (err) throw err
 
       accessToken = res.body.access_token
@@ -111,10 +116,10 @@ describe('Test users', function () {
     const description = 'my super description'
     const tags = [ 'tag1', 'tag2' ]
     const video = 'video_short.webm'
-    utils.uploadVideo(server.url, accessToken, name, description, tags, video, 204, function (err, res) {
+    videosUtils.uploadVideo(server.url, accessToken, name, description, tags, video, 204, function (err, res) {
       if (err) throw err
 
-      utils.getVideosList(server.url, function (err, res) {
+      videosUtils.getVideosList(server.url, function (err, res) {
         if (err) throw err
 
         const video = res.body.data[0]
@@ -131,17 +136,17 @@ describe('Test users', function () {
     const description = 'my super description 2'
     const tags = [ 'tag1' ]
     const video = 'video_short.webm'
-    utils.uploadVideo(server.url, accessToken, name, description, tags, video, 204, done)
+    videosUtils.uploadVideo(server.url, accessToken, name, description, tags, video, 204, done)
   })
 
   it('Should not be able to remove the video with an incorrect token', function (done) {
-    utils.removeVideo(server.url, 'bad_token', videoId, 401, done)
+    videosUtils.removeVideo(server.url, 'bad_token', videoId, 401, done)
   })
 
   it('Should not be able to remove the video with the token of another account')
 
   it('Should be able to remove the video with the correct token', function (done) {
-    utils.removeVideo(server.url, accessToken, videoId, done)
+    videosUtils.removeVideo(server.url, accessToken, videoId, done)
   })
 
   it('Should logout (revoke token)')
@@ -158,12 +163,179 @@ describe('Test users', function () {
 
   it('Should be able to upload a video again')
 
+  it('Should be able to create a new user', function (done) {
+    usersUtils.createUser(server.url, accessToken, 'user_1', 'super password', done)
+  })
+
+  it('Should be able to login with this user', function (done) {
+    server.user = {
+      username: 'user_1',
+      password: 'super password'
+    }
+
+    loginUtils.loginAndGetAccessToken(server, function (err, token) {
+      if (err) throw err
+
+      accessTokenUser = token
+
+      done()
+    })
+  })
+
+  it('Should be able to get the user informations', function (done) {
+    usersUtils.getUserInformation(server.url, accessTokenUser, function (err, res) {
+      if (err) throw err
+
+      const user = res.body
+
+      expect(user.username).to.equal('user_1')
+      expect(user.id).to.exist
+
+      done()
+    })
+  })
+
+  it('Should be able to upload a video with this user', function (done) {
+    this.timeout(5000)
+
+    const name = 'my super name'
+    const description = 'my super description'
+    const tags = [ 'tag1', 'tag2', 'tag3' ]
+    const file = 'video_short.webm'
+    videosUtils.uploadVideo(server.url, accessTokenUser, name, description, tags, file, done)
+  })
+
+  it('Should list all the users', function (done) {
+    usersUtils.getUsersList(server.url, function (err, res) {
+      if (err) throw err
+
+      const result = res.body
+      const total = result.total
+      const users = result.data
+
+      expect(total).to.equal(2)
+      expect(users).to.be.an('array')
+      expect(users.length).to.equal(2)
+
+      const user = users[0]
+      expect(user.username).to.equal('user_1')
+
+      const rootUser = users[1]
+      expect(rootUser.username).to.equal('root')
+      userId = user.id
+
+      done()
+    })
+  })
+
+  it('Should list only the first user by username asc', function (done) {
+    usersUtils.getUsersListPaginationAndSort(server.url, 0, 1, 'username', function (err, res) {
+      if (err) throw err
+
+      const result = res.body
+      const total = result.total
+      const users = result.data
+
+      expect(total).to.equal(2)
+      expect(users.length).to.equal(1)
+
+      const user = users[0]
+      expect(user.username).to.equal('root')
+
+      done()
+    })
+  })
+
+  it('Should list only the first user by username desc', function (done) {
+    usersUtils.getUsersListPaginationAndSort(server.url, 0, 1, '-username', function (err, res) {
+      if (err) throw err
+
+      const result = res.body
+      const total = result.total
+      const users = result.data
+
+      expect(total).to.equal(2)
+      expect(users.length).to.equal(1)
+
+      const user = users[0]
+      expect(user.username).to.equal('user_1')
+
+      done()
+    })
+  })
+
+  it('Should list only the second user by createdDate desc', function (done) {
+    usersUtils.getUsersListPaginationAndSort(server.url, 0, 1, '-createdDate', function (err, res) {
+      if (err) throw err
+
+      const result = res.body
+      const total = result.total
+      const users = result.data
+
+      expect(total).to.equal(2)
+      expect(users.length).to.equal(1)
+
+      const user = users[0]
+      expect(user.username).to.equal('user_1')
+
+      done()
+    })
+  })
+
+  it('Should list all the users by createdDate asc', function (done) {
+    usersUtils.getUsersListPaginationAndSort(server.url, 0, 2, 'createdDate', function (err, res) {
+      if (err) throw err
+
+      const result = res.body
+      const total = result.total
+      const users = result.data
+
+      expect(total).to.equal(2)
+      expect(users.length).to.equal(2)
+
+      expect(users[0].username).to.equal('root')
+      expect(users[1].username).to.equal('user_1')
+
+      done()
+    })
+  })
+
+  it('Should update the user password', function (done) {
+    usersUtils.updateUser(server.url, userId, accessTokenUser, 'new password', function (err, res) {
+      if (err) throw err
+
+      server.user.password = 'new password'
+      loginUtils.login(server.url, server.client, server.user, 200, done)
+    })
+  })
+
+  it('Should be able to remove this user', function (done) {
+    usersUtils.removeUser(server.url, userId, accessToken, done)
+  })
+
+  it('Should not be able to login with this user', function (done) {
+    // server.user is already set to user 1
+    loginUtils.login(server.url, server.client, server.user, 400, done)
+  })
+
+  it('Should not have videos of this user', function (done) {
+    videosUtils.getVideosList(server.url, function (err, res) {
+      if (err) throw err
+
+      expect(res.body.total).to.equal(1)
+      const video = res.body.data[0]
+      expect(video.author).to.equal('root')
+
+      done()
+    })
+  })
+
   after(function (done) {
     process.kill(-server.app.pid)
 
     // Keep the logs if the test failed
     if (this.ok) {
-      utils.flushTests(done)
+      serversUtils.flushTests(done)
     } else {
       done()
     }
diff --git a/server/tests/api/utils.js b/server/tests/api/utils.js
deleted file mode 100644
index 3cc769f26..000000000
--- a/server/tests/api/utils.js
+++ /dev/null
@@ -1,419 +0,0 @@
-'use strict'
-
-const childProcess = require('child_process')
-const exec = childProcess.exec
-const fork = childProcess.fork
-const fs = require('fs')
-const pathUtils = require('path')
-const request = require('supertest')
-
-const testUtils = {
-  dateIsValid: dateIsValid,
-  flushTests: flushTests,
-  getAllVideosListBy: getAllVideosListBy,
-  getClient: getClient,
-  getFriendsList: getFriendsList,
-  getVideo: getVideo,
-  getVideosList: getVideosList,
-  getVideosListPagination: getVideosListPagination,
-  getVideosListSort: getVideosListSort,
-  login: login,
-  loginAndGetAccessToken: loginAndGetAccessToken,
-  makeFriends: makeFriends,
-  quitFriends: quitFriends,
-  removeVideo: removeVideo,
-  flushAndRunMultipleServers: flushAndRunMultipleServers,
-  runServer: runServer,
-  searchVideo: searchVideo,
-  searchVideoWithPagination: searchVideoWithPagination,
-  searchVideoWithSort: searchVideoWithSort,
-  testImage: testImage,
-  uploadVideo: uploadVideo
-}
-
-// ---------------------- Export functions --------------------
-
-function dateIsValid (dateString) {
-  const dateToCheck = new Date(dateString)
-  const now = new Date()
-
-  // Check if the interval is more than 2 minutes
-  if (now - dateToCheck > 120000) return false
-
-  return true
-}
-
-function flushTests (callback) {
-  exec('npm run clean:server:test', callback)
-}
-
-function getAllVideosListBy (url, end) {
-  const path = '/api/v1/videos'
-
-  request(url)
-    .get(path)
-    .query({ sort: 'createdDate' })
-    .query({ start: 0 })
-    .query({ count: 10000 })
-    .set('Accept', 'application/json')
-    .expect(200)
-    .expect('Content-Type', /json/)
-    .end(end)
-}
-
-function getClient (url, end) {
-  const path = '/api/v1/users/client'
-
-  request(url)
-    .get(path)
-    .set('Accept', 'application/json')
-    .expect(200)
-    .expect('Content-Type', /json/)
-    .end(end)
-}
-
-function getFriendsList (url, end) {
-  const path = '/api/v1/pods/'
-
-  request(url)
-    .get(path)
-    .set('Accept', 'application/json')
-    .expect(200)
-    .expect('Content-Type', /json/)
-    .end(end)
-}
-
-function getVideo (url, id, end) {
-  const path = '/api/v1/videos/' + id
-
-  request(url)
-    .get(path)
-    .set('Accept', 'application/json')
-    .expect(200)
-    .expect('Content-Type', /json/)
-    .end(end)
-}
-
-function getVideosList (url, end) {
-  const path = '/api/v1/videos'
-
-  request(url)
-    .get(path)
-    .query({ sort: 'name' })
-    .set('Accept', 'application/json')
-    .expect(200)
-    .expect('Content-Type', /json/)
-    .end(end)
-}
-
-function getVideosListPagination (url, start, count, end) {
-  const path = '/api/v1/videos'
-
-  request(url)
-    .get(path)
-    .query({ start: start })
-    .query({ count: count })
-    .set('Accept', 'application/json')
-    .expect(200)
-    .expect('Content-Type', /json/)
-    .end(end)
-}
-
-function getVideosListSort (url, sort, end) {
-  const path = '/api/v1/videos'
-
-  request(url)
-    .get(path)
-    .query({ sort: sort })
-    .set('Accept', 'application/json')
-    .expect(200)
-    .expect('Content-Type', /json/)
-    .end(end)
-}
-
-function login (url, client, user, expectedStatus, end) {
-  if (!end) {
-    end = expectedStatus
-    expectedStatus = 200
-  }
-
-  const path = '/api/v1/users/token'
-
-  const body = {
-    client_id: client.id,
-    client_secret: client.secret,
-    username: user.username,
-    password: user.password,
-    response_type: 'code',
-    grant_type: 'password',
-    scope: 'upload'
-  }
-
-  request(url)
-    .post(path)
-    .type('form')
-    .send(body)
-    .expect(expectedStatus)
-    .end(end)
-}
-
-function loginAndGetAccessToken (server, callback) {
-  login(server.url, server.client, server.user, 200, function (err, res) {
-    if (err) return callback(err)
-
-    return callback(null, res.body.access_token)
-  })
-}
-
-function makeFriends (url, accessToken, expectedStatus, callback) {
-  if (!callback) {
-    callback = expectedStatus
-    expectedStatus = 204
-  }
-
-  const path = '/api/v1/pods/makefriends'
-
-  // The first pod make friend with the third
-  request(url)
-    .get(path)
-    .set('Accept', 'application/json')
-    .set('Authorization', 'Bearer ' + accessToken)
-    .expect(expectedStatus)
-    .end(function (err, res) {
-      if (err) throw err
-
-      // Wait for the request between pods
-      setTimeout(callback, 1000)
-    })
-}
-
-function quitFriends (url, accessToken, expectedStatus, callback) {
-  if (!callback) {
-    callback = expectedStatus
-    expectedStatus = 204
-  }
-
-  const path = '/api/v1/pods/quitfriends'
-
-  // The first pod make friend with the third
-  request(url)
-    .get(path)
-    .set('Accept', 'application/json')
-    .set('Authorization', 'Bearer ' + accessToken)
-    .expect(expectedStatus)
-    .end(function (err, res) {
-      if (err) throw err
-
-      // Wait for the request between pods
-      setTimeout(callback, 1000)
-    })
-}
-
-function removeVideo (url, token, id, expectedStatus, end) {
-  if (!end) {
-    end = expectedStatus
-    expectedStatus = 204
-  }
-
-  const path = '/api/v1/videos'
-
-  request(url)
-    .delete(path + '/' + id)
-    .set('Accept', 'application/json')
-    .set('Authorization', 'Bearer ' + token)
-    .expect(expectedStatus)
-    .end(end)
-}
-
-function flushAndRunMultipleServers (totalServers, serversRun) {
-  let apps = []
-  let urls = []
-  let i = 0
-
-  function anotherServerDone (number, app, url) {
-    apps[number - 1] = app
-    urls[number - 1] = url
-    i++
-    if (i === totalServers) {
-      serversRun(apps, urls)
-    }
-  }
-
-  flushTests(function () {
-    for (let j = 1; j <= totalServers; j++) {
-      // For the virtual buffer
-      setTimeout(function () {
-        runServer(j, function (app, url) {
-          anotherServerDone(j, app, url)
-        })
-      }, 1000 * j)
-    }
-  })
-}
-
-function runServer (number, callback) {
-  const server = {
-    app: null,
-    url: `http://localhost:${9000 + number}`,
-    client: {
-      id: null,
-      secret: null
-    },
-    user: {
-      username: null,
-      password: null
-    }
-  }
-
-  // These actions are async so we need to be sure that they have both been done
-  const serverRunString = {
-    'Connected to mongodb': false,
-    'Server listening on port': false
-  }
-
-  const regexps = {
-    client_id: 'Client id: ([a-f0-9]+)',
-    client_secret: 'Client secret: (.+)',
-    user_username: 'Username: (.+)',
-    user_password: 'User password: (.+)'
-  }
-
-  // Share the environment
-  const env = Object.create(process.env)
-  env.NODE_ENV = 'test'
-  env.NODE_APP_INSTANCE = number
-  const options = {
-    silent: true,
-    env: env,
-    detached: true
-  }
-
-  server.app = fork(pathUtils.join(__dirname, '../../../server.js'), [], options)
-  server.app.stdout.on('data', function onStdout (data) {
-    let dontContinue = false
-
-    // Capture things if we want to
-    for (const key of Object.keys(regexps)) {
-      const regexp = regexps[key]
-      const matches = data.toString().match(regexp)
-      if (matches !== null) {
-        if (key === 'client_id') server.client.id = matches[1]
-        else if (key === 'client_secret') server.client.secret = matches[1]
-        else if (key === 'user_username') server.user.username = matches[1]
-        else if (key === 'user_password') server.user.password = matches[1]
-      }
-    }
-
-    // Check if all required sentences are here
-    for (const key of Object.keys(serverRunString)) {
-      if (data.toString().indexOf(key) !== -1) serverRunString[key] = true
-      if (serverRunString[key] === false) dontContinue = true
-    }
-
-    // If no, there is maybe one thing not already initialized (mongodb...)
-    if (dontContinue === true) return
-
-    server.app.stdout.removeListener('data', onStdout)
-    callback(server)
-  })
-}
-
-function searchVideo (url, search, field, end) {
-  if (!end) {
-    end = field
-    field = null
-  }
-
-  const path = '/api/v1/videos'
-  const req = request(url)
-              .get(path + '/search/' + search)
-              .set('Accept', 'application/json')
-
-  if (field) req.query({ field: field })
-  req.expect(200)
-     .expect('Content-Type', /json/)
-     .end(end)
-}
-
-function searchVideoWithPagination (url, search, field, start, count, end) {
-  const path = '/api/v1/videos'
-
-  request(url)
-    .get(path + '/search/' + search)
-    .query({ start: start })
-    .query({ count: count })
-    .query({ field: field })
-    .set('Accept', 'application/json')
-    .expect(200)
-    .expect('Content-Type', /json/)
-    .end(end)
-}
-
-function searchVideoWithSort (url, search, sort, end) {
-  const path = '/api/v1/videos'
-
-  request(url)
-    .get(path + '/search/' + search)
-    .query({ sort: sort })
-    .set('Accept', 'application/json')
-    .expect(200)
-    .expect('Content-Type', /json/)
-    .end(end)
-}
-
-function testImage (url, videoName, imagePath, callback) {
-  // Don't test images if the node env is not set
-  // Because we need a special ffmpeg version for this test
-  if (process.env.NODE_TEST_IMAGE) {
-    request(url)
-      .get(imagePath)
-      .expect(200)
-      .end(function (err, res) {
-        if (err) return callback(err)
-
-        fs.readFile(pathUtils.join(__dirname, 'fixtures', videoName + '.jpg'), function (err, data) {
-          if (err) return callback(err)
-
-          callback(null, data.equals(res.body))
-        })
-      })
-  } else {
-    console.log('Do not test images. Enable it by setting NODE_TEST_IMAGE env variable.')
-    callback(null, true)
-  }
-}
-
-function uploadVideo (url, accessToken, name, description, tags, fixture, specialStatus, end) {
-  if (!end) {
-    end = specialStatus
-    specialStatus = 204
-  }
-
-  const path = '/api/v1/videos'
-
-  const req = request(url)
-              .post(path)
-              .set('Accept', 'application/json')
-              .set('Authorization', 'Bearer ' + accessToken)
-              .field('name', name)
-              .field('description', description)
-
-  for (let i = 0; i < tags.length; i++) {
-    req.field('tags[' + i + ']', tags[i])
-  }
-
-  let filepath = ''
-  if (pathUtils.isAbsolute(fixture)) {
-    filepath = fixture
-  } else {
-    filepath = pathUtils.join(__dirname, 'fixtures', fixture)
-  }
-
-  req.attach('videofile', filepath)
-     .expect(specialStatus)
-     .end(end)
-}
-
-// ---------------------------------------------------------------------------
-
-module.exports = testUtils
diff --git a/server/tests/real-world/real-world.js b/server/tests/real-world/real-world.js
index b28796852..dba1970c5 100644
--- a/server/tests/real-world/real-world.js
+++ b/server/tests/real-world/real-world.js
@@ -1,6 +1,6 @@
 'use strict'
 
-const each = require('each')
+const each = require('async/each')
 const isEqual = require('lodash/isEqual')
 const program = require('commander')
 const series = require('async/series')
@@ -8,7 +8,10 @@ const series = require('async/series')
 process.env.NODE_ENV = 'test'
 const constants = require('../../initializers/constants')
 
-const utils = require('../api/utils')
+const loginUtils = require('../utils/login')
+const podsUtils = require('../utils/pods')
+const serversUtils = require('../utils/servers')
+const videosUtils = require('../utils/videos')
 
 program
   .option('-c, --create [weight]', 'Weight for creating videos')
@@ -97,7 +100,7 @@ function runServers (numberOfPods, callback) {
   series([
     // Run servers
     function (next) {
-      utils.flushAndRunMultipleServers(numberOfPods, function (serversRun) {
+      serversUtils.flushAndRunMultipleServers(numberOfPods, function (serversRun) {
         servers = serversRun
         next()
       })
@@ -105,7 +108,7 @@ function runServers (numberOfPods, callback) {
     // Get the access tokens
     function (next) {
       each(servers, function (server, callbackEach) {
-        utils.loginAndGetAccessToken(server, function (err, accessToken) {
+        loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
           if (err) return callbackEach(err)
 
           server.accessToken = accessToken
@@ -115,26 +118,26 @@ function runServers (numberOfPods, callback) {
     },
     function (next) {
       const server = servers[1]
-      utils.makeFriends(server.url, server.accessToken, next)
+      podsUtils.makeFriends(server.url, server.accessToken, next)
     },
     function (next) {
       const server = servers[0]
-      utils.makeFriends(server.url, server.accessToken, next)
+      podsUtils.makeFriends(server.url, server.accessToken, next)
     },
     function (next) {
       setTimeout(next, 1000)
     },
     function (next) {
       const server = servers[3]
-      utils.makeFriends(server.url, server.accessToken, next)
+      podsUtils.makeFriends(server.url, server.accessToken, next)
     },
     function (next) {
       const server = servers[5]
-      utils.makeFriends(server.url, server.accessToken, next)
+      podsUtils.makeFriends(server.url, server.accessToken, next)
     },
     function (next) {
       const server = servers[4]
-      utils.makeFriends(server.url, server.accessToken, next)
+      podsUtils.makeFriends(server.url, server.accessToken, next)
     },
     function (next) {
       setTimeout(next, 1000)
@@ -151,7 +154,7 @@ function exitServers (servers, callback) {
     if (server.app) process.kill(-server.app.pid)
   })
 
-  if (flushAtExit) utils.flushTests(callback)
+  if (flushAtExit) serversUtils.flushTests(callback)
 }
 
 function upload (servers, numServer, callback) {
@@ -164,13 +167,13 @@ function upload (servers, numServer, callback) {
 
   console.log('Upload video to server ' + numServer)
 
-  utils.uploadVideo(servers[numServer].url, servers[numServer].accessToken, name, description, tags, file, callback)
+  videosUtils.uploadVideo(servers[numServer].url, servers[numServer].accessToken, name, description, tags, file, callback)
 }
 
 function remove (servers, numServer, callback) {
   if (!callback) callback = function () {}
 
-  utils.getVideosList(servers[numServer].url, function (err, res) {
+  videosUtils.getVideosList(servers[numServer].url, function (err, res) {
     if (err) throw err
 
     const videos = res.body.data
@@ -179,14 +182,14 @@ function remove (servers, numServer, callback) {
     const toRemove = videos[getRandomInt(0, videos.length)].id
 
     console.log('Removing video from server ' + numServer)
-    utils.removeVideo(servers[numServer].url, servers[numServer].accessToken, toRemove, callback)
+    videosUtils.removeVideo(servers[numServer].url, servers[numServer].accessToken, toRemove, callback)
   })
 }
 
 function checkIntegrity (servers, callback) {
   const videos = []
   each(servers, function (server, callback) {
-    utils.getAllVideosListBy(server.url, function (err, res) {
+    videosUtils.getAllVideosListBy(server.url, function (err, res) {
       if (err) throw err
       const serverVideos = res.body.data
       for (const serverVideo of serverVideos) {
diff --git a/server/tests/utils/clients.js b/server/tests/utils/clients.js
new file mode 100644
index 000000000..e3ded493e
--- /dev/null
+++ b/server/tests/utils/clients.js
@@ -0,0 +1,24 @@
+'use strict'
+
+const request = require('supertest')
+
+const clientsUtils = {
+  getClient: getClient
+}
+
+// ---------------------- Export functions --------------------
+
+function getClient (url, end) {
+  const path = '/api/v1/users/client'
+
+  request(url)
+    .get(path)
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = clientsUtils
diff --git a/server/tests/utils/login.js b/server/tests/utils/login.js
new file mode 100644
index 000000000..465564e14
--- /dev/null
+++ b/server/tests/utils/login.js
@@ -0,0 +1,48 @@
+'use strict'
+
+const request = require('supertest')
+
+const loginUtils = {
+  login,
+  loginAndGetAccessToken
+}
+
+// ---------------------- Export functions --------------------
+
+function login (url, client, user, expectedStatus, end) {
+  if (!end) {
+    end = expectedStatus
+    expectedStatus = 200
+  }
+
+  const path = '/api/v1/users/token'
+
+  const body = {
+    client_id: client.id,
+    client_secret: client.secret,
+    username: user.username,
+    password: user.password,
+    response_type: 'code',
+    grant_type: 'password',
+    scope: 'upload'
+  }
+
+  request(url)
+    .post(path)
+    .type('form')
+    .send(body)
+    .expect(expectedStatus)
+    .end(end)
+}
+
+function loginAndGetAccessToken (server, callback) {
+  login(server.url, server.client, server.user, 200, function (err, res) {
+    if (err) return callback(err)
+
+    return callback(null, res.body.access_token)
+  })
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = loginUtils
diff --git a/server/tests/utils/miscs.js b/server/tests/utils/miscs.js
new file mode 100644
index 000000000..4ceff65df
--- /dev/null
+++ b/server/tests/utils/miscs.js
@@ -0,0 +1,21 @@
+'use strict'
+
+const miscsUtils = {
+  dateIsValid
+}
+
+// ---------------------- Export functions --------------------
+
+function dateIsValid (dateString) {
+  const dateToCheck = new Date(dateString)
+  const now = new Date()
+
+  // Check if the interval is more than 2 minutes
+  if (now - dateToCheck > 120000) return false
+
+  return true
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = miscsUtils
diff --git a/server/tests/utils/pods.js b/server/tests/utils/pods.js
new file mode 100644
index 000000000..a8551a49d
--- /dev/null
+++ b/server/tests/utils/pods.js
@@ -0,0 +1,95 @@
+'use strict'
+
+const request = require('supertest')
+
+const podsUtils = {
+  getFriendsList,
+  makeFriends,
+  quitFriends
+}
+
+// ---------------------- Export functions --------------------
+
+function getFriendsList (url, end) {
+  const path = '/api/v1/pods/'
+
+  request(url)
+    .get(path)
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+function makeFriends (url, accessToken, expectedStatus, end) {
+  if (!end) {
+    end = expectedStatus
+    expectedStatus = 204
+  }
+
+  // Which pod makes friends with which pod
+  const friendsMatrix = {
+    'http://localhost:9001': [
+      'http://localhost:9002'
+    ],
+    'http://localhost:9002': [
+      'http://localhost:9003'
+    ],
+    'http://localhost:9003': [
+      'http://localhost:9001'
+    ],
+    'http://localhost:9004': [
+      'http://localhost:9002'
+    ],
+    'http://localhost:9005': [
+      'http://localhost:9001',
+      'http://localhost:9004'
+    ],
+    'http://localhost:9006': [
+      'http://localhost:9001',
+      'http://localhost:9002',
+      'http://localhost:9003'
+    ]
+  }
+  const path = '/api/v1/pods/makefriends'
+
+  // The first pod make friend with the third
+  request(url)
+    .post(path)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .send({ 'urls': friendsMatrix[url] })
+    .expect(expectedStatus)
+    .end(function (err, res) {
+      if (err) throw err
+
+      // Wait for the request between pods
+      setTimeout(end, 1000)
+    })
+}
+
+function quitFriends (url, accessToken, expectedStatus, end) {
+  if (!end) {
+    end = expectedStatus
+    expectedStatus = 204
+  }
+
+  const path = '/api/v1/pods/quitfriends'
+
+  // The first pod make friend with the third
+  request(url)
+    .get(path)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .expect(expectedStatus)
+    .end(function (err, res) {
+      if (err) throw err
+
+      // Wait for the request between pods
+      setTimeout(end, 1000)
+    })
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = podsUtils
diff --git a/server/tests/utils/requests.js b/server/tests/utils/requests.js
new file mode 100644
index 000000000..b1470814d
--- /dev/null
+++ b/server/tests/utils/requests.js
@@ -0,0 +1,68 @@
+'use strict'
+
+const request = require('supertest')
+
+const requestsUtils = {
+  makePostUploadRequest,
+  makePostBodyRequest,
+  makePutBodyRequest
+}
+
+// ---------------------- Export functions --------------------
+
+function makePostUploadRequest (url, path, token, fields, attaches, done, statusCodeExpected) {
+  if (!statusCodeExpected) statusCodeExpected = 400
+
+  const req = request(url)
+    .post(path)
+    .set('Accept', 'application/json')
+
+  if (token) req.set('Authorization', 'Bearer ' + token)
+
+  Object.keys(fields).forEach(function (field) {
+    const value = fields[field]
+
+    if (Array.isArray(value)) {
+      for (let i = 0; i < value.length; i++) {
+        req.field(field + '[' + i + ']', value[i])
+      }
+    } else {
+      req.field(field, value)
+    }
+  })
+
+  Object.keys(attaches).forEach(function (attach) {
+    const value = attaches[attach]
+    req.attach(attach, value)
+  })
+
+  req.expect(statusCodeExpected, done)
+}
+
+function makePostBodyRequest (url, path, token, fields, done, statusCodeExpected) {
+  if (!statusCodeExpected) statusCodeExpected = 400
+
+  const req = request(url)
+    .post(path)
+    .set('Accept', 'application/json')
+
+  if (token) req.set('Authorization', 'Bearer ' + token)
+
+  req.send(fields).expect(statusCodeExpected, done)
+}
+
+function makePutBodyRequest (url, path, token, fields, done, statusCodeExpected) {
+  if (!statusCodeExpected) statusCodeExpected = 400
+
+  const req = request(url)
+    .put(path)
+    .set('Accept', 'application/json')
+
+  if (token) req.set('Authorization', 'Bearer ' + token)
+
+  req.send(fields).expect(statusCodeExpected, done)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = requestsUtils
diff --git a/server/tests/utils/servers.js b/server/tests/utils/servers.js
new file mode 100644
index 000000000..d62838bc7
--- /dev/null
+++ b/server/tests/utils/servers.js
@@ -0,0 +1,115 @@
+'use strict'
+
+const childProcess = require('child_process')
+const exec = childProcess.exec
+const fork = childProcess.fork
+const pathUtils = require('path')
+
+const serversUtils = {
+  flushAndRunMultipleServers,
+  flushTests,
+  runServer
+}
+
+// ---------------------- Export functions --------------------
+
+function flushAndRunMultipleServers (totalServers, serversRun) {
+  let apps = []
+  let urls = []
+  let i = 0
+
+  function anotherServerDone (number, app, url) {
+    apps[number - 1] = app
+    urls[number - 1] = url
+    i++
+    if (i === totalServers) {
+      serversRun(apps, urls)
+    }
+  }
+
+  flushTests(function () {
+    for (let j = 1; j <= totalServers; j++) {
+      // For the virtual buffer
+      setTimeout(function () {
+        runServer(j, function (app, url) {
+          anotherServerDone(j, app, url)
+        })
+      }, 1000 * j)
+    }
+  })
+}
+
+function flushTests (callback) {
+  exec('npm run clean:server:test', callback)
+}
+
+function runServer (number, callback) {
+  const server = {
+    app: null,
+    url: `http://localhost:${9000 + number}`,
+    client: {
+      id: null,
+      secret: null
+    },
+    user: {
+      username: null,
+      password: null
+    }
+  }
+
+  // These actions are async so we need to be sure that they have both been done
+  const serverRunString = {
+    'Connected to mongodb': false,
+    'Server listening on port': false
+  }
+
+  const regexps = {
+    client_id: 'Client id: ([a-f0-9]+)',
+    client_secret: 'Client secret: (.+)',
+    user_username: 'Username: (.+)',
+    user_password: 'User password: (.+)'
+  }
+
+  // Share the environment
+  const env = Object.create(process.env)
+  env.NODE_ENV = 'test'
+  env.NODE_APP_INSTANCE = number
+  const options = {
+    silent: true,
+    env: env,
+    detached: true
+  }
+
+  server.app = fork(pathUtils.join(__dirname, '../../../server.js'), [], options)
+  server.app.stdout.on('data', function onStdout (data) {
+    let dontContinue = false
+
+    // Capture things if we want to
+    for (const key of Object.keys(regexps)) {
+      const regexp = regexps[key]
+      const matches = data.toString().match(regexp)
+      if (matches !== null) {
+        if (key === 'client_id') server.client.id = matches[1]
+        else if (key === 'client_secret') server.client.secret = matches[1]
+        else if (key === 'user_username') server.user.username = matches[1]
+        else if (key === 'user_password') server.user.password = matches[1]
+      }
+    }
+
+    // Check if all required sentences are here
+    for (const key of Object.keys(serverRunString)) {
+      if (data.toString().indexOf(key) !== -1) serverRunString[key] = true
+      if (serverRunString[key] === false) dontContinue = true
+    }
+
+    // If no, there is maybe one thing not already initialized (mongodb...)
+    if (dontContinue === true) return
+
+    server.app.stdout.removeListener('data', onStdout)
+    callback(server)
+  })
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = serversUtils
diff --git a/server/tests/utils/users.js b/server/tests/utils/users.js
new file mode 100644
index 000000000..2bf9c6e3e
--- /dev/null
+++ b/server/tests/utils/users.js
@@ -0,0 +1,100 @@
+'use strict'
+
+const request = require('supertest')
+
+const usersUtils = {
+  createUser,
+  getUserInformation,
+  getUsersList,
+  getUsersListPaginationAndSort,
+  removeUser,
+  updateUser
+}
+
+// ---------------------- Export functions --------------------
+
+function createUser (url, accessToken, username, password, specialStatus, end) {
+  if (!end) {
+    end = specialStatus
+    specialStatus = 204
+  }
+
+  const path = '/api/v1/users'
+
+  request(url)
+    .post(path)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .send({ username: username, password: password })
+    .expect(specialStatus)
+    .end(end)
+}
+
+function getUserInformation (url, accessToken, end) {
+  const path = '/api/v1/users/me'
+
+  request(url)
+    .get(path)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+function getUsersList (url, end) {
+  const path = '/api/v1/users'
+
+  request(url)
+    .get(path)
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+function getUsersListPaginationAndSort (url, start, count, sort, end) {
+  const path = '/api/v1/users'
+
+  request(url)
+    .get(path)
+    .query({ start: start })
+    .query({ count: count })
+    .query({ sort: sort })
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+function removeUser (url, userId, accessToken, expectedStatus, end) {
+  if (!end) {
+    end = expectedStatus
+    expectedStatus = 204
+  }
+
+  const path = '/api/v1/users'
+
+  request(url)
+    .delete(path + '/' + userId)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .expect(expectedStatus)
+    .end(end)
+}
+
+function updateUser (url, userId, accessToken, newPassword, end) {
+  const path = '/api/v1/users/' + userId
+
+  request(url)
+    .put(path)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .send({ password: newPassword })
+    .expect(204)
+    .end(end)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = usersUtils
diff --git a/server/tests/utils/videos.js b/server/tests/utils/videos.js
new file mode 100644
index 000000000..536093db1
--- /dev/null
+++ b/server/tests/utils/videos.js
@@ -0,0 +1,199 @@
+'use strict'
+
+const fs = require('fs')
+const pathUtils = require('path')
+const request = require('supertest')
+
+const videosUtils = {
+  getAllVideosListBy,
+  getVideo,
+  getVideosList,
+  getVideosListPagination,
+  getVideosListSort,
+  removeVideo,
+  searchVideo,
+  searchVideoWithPagination,
+  searchVideoWithSort,
+  testVideoImage,
+  uploadVideo
+}
+
+// ---------------------- Export functions --------------------
+
+function getAllVideosListBy (url, end) {
+  const path = '/api/v1/videos'
+
+  request(url)
+    .get(path)
+    .query({ sort: 'createdDate' })
+    .query({ start: 0 })
+    .query({ count: 10000 })
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+function getVideo (url, id, end) {
+  const path = '/api/v1/videos/' + id
+
+  request(url)
+    .get(path)
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+function getVideosList (url, end) {
+  const path = '/api/v1/videos'
+
+  request(url)
+    .get(path)
+    .query({ sort: 'name' })
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+function getVideosListPagination (url, start, count, end) {
+  const path = '/api/v1/videos'
+
+  request(url)
+    .get(path)
+    .query({ start: start })
+    .query({ count: count })
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+function getVideosListSort (url, sort, end) {
+  const path = '/api/v1/videos'
+
+  request(url)
+    .get(path)
+    .query({ sort: sort })
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+function removeVideo (url, token, id, expectedStatus, end) {
+  if (!end) {
+    end = expectedStatus
+    expectedStatus = 204
+  }
+
+  const path = '/api/v1/videos'
+
+  request(url)
+    .delete(path + '/' + id)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + token)
+    .expect(expectedStatus)
+    .end(end)
+}
+
+function searchVideo (url, search, field, end) {
+  if (!end) {
+    end = field
+    field = null
+  }
+
+  const path = '/api/v1/videos'
+  const req = request(url)
+              .get(path + '/search/' + search)
+              .set('Accept', 'application/json')
+
+  if (field) req.query({ field: field })
+  req.expect(200)
+     .expect('Content-Type', /json/)
+     .end(end)
+}
+
+function searchVideoWithPagination (url, search, field, start, count, end) {
+  const path = '/api/v1/videos'
+
+  request(url)
+    .get(path + '/search/' + search)
+    .query({ start: start })
+    .query({ count: count })
+    .query({ field: field })
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+function searchVideoWithSort (url, search, sort, end) {
+  const path = '/api/v1/videos'
+
+  request(url)
+    .get(path + '/search/' + search)
+    .query({ sort: sort })
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
+function testVideoImage (url, videoName, imagePath, callback) {
+  // Don't test images if the node env is not set
+  // Because we need a special ffmpeg version for this test
+  if (process.env.NODE_TEST_IMAGE) {
+    request(url)
+      .get(imagePath)
+      .expect(200)
+      .end(function (err, res) {
+        if (err) return callback(err)
+
+        fs.readFile(pathUtils.join(__dirname, '..', 'api', 'fixtures', videoName + '.jpg'), function (err, data) {
+          if (err) return callback(err)
+
+          callback(null, data.equals(res.body))
+        })
+      })
+  } else {
+    console.log('Do not test images. Enable it by setting NODE_TEST_IMAGE env variable.')
+    callback(null, true)
+  }
+}
+
+function uploadVideo (url, accessToken, name, description, tags, fixture, specialStatus, end) {
+  if (!end) {
+    end = specialStatus
+    specialStatus = 204
+  }
+
+  const path = '/api/v1/videos'
+
+  const req = request(url)
+              .post(path)
+              .set('Accept', 'application/json')
+              .set('Authorization', 'Bearer ' + accessToken)
+              .field('name', name)
+              .field('description', description)
+
+  for (let i = 0; i < tags.length; i++) {
+    req.field('tags[' + i + ']', tags[i])
+  }
+
+  let filepath = ''
+  if (pathUtils.isAbsolute(fixture)) {
+    filepath = fixture
+  } else {
+    filepath = pathUtils.join(__dirname, '..', 'api', 'fixtures', fixture)
+  }
+
+  req.attach('videofile', filepath)
+     .expect(specialStatus)
+     .end(end)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = videosUtils