1 files changed, 284 insertions, 0 deletions
diff --git a/server/tests/api/check-params/users.js b/server/tests/api/check-params/users.js
new file mode 100644
index 000000000..c1fcf34a4
--- /dev/null
+++ b/server/tests/api/check-params/users.js
@@ -0,0 +1,284 @@
+'use strict'
+const request = require('supertest')
+const series = require('async/series')
+const loginUtils = require('../../utils/login')
+const requestsUtils = require('../../utils/requests')
+const serversUtils = require('../../utils/servers')
+const usersUtils = require('../../utils/users')
+describe('Test users API validators', function () {
+  const path = '/api/v1/users/'
+  let userId = null
+  let rootId = null
+  let server = null
+  let userAccessToken = null
+  // ---------------------------------------------------------------
+  before(function (done) {
+    this.timeout(20000)
+    series([
+      function (next) {
+        serversUtils.flushTests(next)
+      },
+      function (next) {
+        serversUtils.runServer(1, function (server1) {
+          server = server1
+          next()
+        })
+      },
+      function (next) {
+        loginUtils.loginAndGetAccessToken(server, function (err, token) {
+          if (err) throw err
+          server.accessToken = token
+          next()
+        })
+      },
+      function (next) {
+        const username = 'user1'
+        const password = 'my super password'
+        usersUtils.createUser(server.url, server.accessToken, username, password, next)
+      },
+      function (next) {
+        const user = {
+          username: 'user1',
+          password: 'my super password'
+        }
+        loginUtils.getUserAccessToken(server, user, function (err, accessToken) {
+          if (err) throw err
+          userAccessToken = accessToken
+          next()
+        })
+      }
+    ], done)
+  })
+  describe('When listing users', function () {
+    it('Should fail with a bad start pagination', function (done) {
+      request(server.url)
+        .get(path)
+        .query({ start: 'hello' })
+        .set('Accept', 'application/json')
+        .expect(400, done)
+    })
+    it('Should fail with a bad count pagination', function (done) {
+      request(server.url)
+        .get(path)
+        .query({ count: 'hello' })
+        .set('Accept', 'application/json')
+        .expect(400, done)
+    })
+    it('Should fail with an incorrect sort', function (done) {
+      request(server.url)
+        .get(path)
+        .query({ sort: 'hello' })
+        .set('Accept', 'application/json')
+        .expect(400, done)
+    })
+  })
+  describe('When adding a new user', function () {
+    it('Should fail with a too small username', function (done) {
+      const data = {
+        username: 'ji',
+        password: 'mysuperpassword'
+      }
+      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+    })
+    it('Should fail with a too long username', function (done) {
+      const data = {
+        username: 'mysuperusernamewhichisverylong',
+        password: 'mysuperpassword'
+      }
+      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+    })
+    it('Should fail with an incorrect username', function (done) {
+      const data = {
+        username: 'my username',
+        password: 'mysuperpassword'
+      }
+      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+    })
+    it('Should fail with a too small password', function (done) {
+      const data = {
+        username: 'myusername',
+        password: 'bla'
+      }
+      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+    })
+    it('Should fail with a too long password', function (done) {
+      const data = {
+        username: 'myusername',
+        password: 'my super long password which is very very very very very very very very very very very very very very' +
+                  'very very very very very very very very very very very very very very very veryv very very very very' +
+                  'very very very very very very very very very very very very very very very very very very very very long'
+      }
+      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
+    })
+    it('Should fail with an non authenticated user', function (done) {
+      const data = {
+        username: 'myusername',
+        password: 'my super password'
+      }
+      requestsUtils.makePostBodyRequest(server.url, path, 'super token', data, done, 401)
+    })
+    it('Should fail if we add a user with the same username', function (done) {
+      const data = {
+        username: 'user1',
+        password: 'my super password'
+      }
+      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
+    })
+    it('Should succeed with the correct params', function (done) {
+      const data = {
+        username: 'user2',
+        password: 'my super password'
+      }
+      requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
+    })
+    it('Should fail with a non admin user', function (done) {
+      server.user = {
+        username: 'user1',
+        password: 'my super password'
+      }
+      loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
+        if (err) throw err
+        userAccessToken = accessToken
+        const data = {
+          username: 'user3',
+          password: 'my super password'
+        }
+        requestsUtils.makePostBodyRequest(server.url, path, userAccessToken, data, done, 403)
+      })
+    })
+  })
+  describe('When updating a user', function () {
+    before(function (done) {
+      usersUtils.getUsersList(server.url, function (err, res) {
+        if (err) throw err
+        userId = res.body.data[1].id
+        rootId = res.body.data[2].id
+        done()
+      })
+    })
+    it('Should fail with a too small password', function (done) {
+      const data = {
+        password: 'bla'
+      }
+      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
+    })
+    it('Should fail with a too long password', function (done) {
+      const data = {
+        password: 'my super long password which is very very very very very very very very very very very very very very' +
+                  'very very very very very very very very very very very very very very very veryv very very very very' +
+                  'very very very very very very very very very very very very very very very very very very very very long'
+      }
+      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
+    })
+    it('Should fail with an non authenticated user', function (done) {
+      const data = {
+        password: 'my super password'
+      }
+      requestsUtils.makePutBodyRequest(server.url, path + userId, 'super token', data, done, 401)
+    })
+    it('Should succeed with the correct params', function (done) {
+      const data = {
+        password: 'my super password'
+      }
+      requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done, 204)
+    })
+  })
+  describe('When getting my information', function () {
+    it('Should fail with a non authenticated user', function (done) {
+      request(server.url)
+        .get(path + 'me')
+        .set('Authorization', 'Bearer faketoken')
+        .set('Accept', 'application/json')
+        .expect(401, done)
+    })
+    it('Should success with the correct parameters', function (done) {
+      request(server.url)
+        .get(path + 'me')
+        .set('Authorization', 'Bearer ' + userAccessToken)
+        .set('Accept', 'application/json')
+        .expect(200, done)
+    })
+  })
+  describe('When removing an user', function () {
+    it('Should fail with an incorrect id', function (done) {
+      request(server.url)
+        .delete(path + 'bla-bla')
+        .set('Authorization', 'Bearer ' + server.accessToken)
+        .expect(400, done)
+    })
+    it('Should fail with the root user', function (done) {
+      request(server.url)
+        .delete(path + rootId)
+        .set('Authorization', 'Bearer ' + server.accessToken)
+        .expect(400, done)
+    })
+    it('Should return 404 with a non existing id', function (done) {
+      request(server.url)
+        .delete(path + '45')
+        .set('Authorization', 'Bearer ' + server.accessToken)
+        .expect(404, done)
+    })
+  })
+  after(function (done) {
+    process.kill(-server.app.pid)
+    // Keep the logs if the test failed
+    if (this.ok) {
+      serversUtils.flushTests(done)
+    } else {
+      done()
+    }
+  })
+})

diff --git a/server/tests/api/check-params/users.js b/server/tests/api/check-params/users.js new file mode 100644 index 000000000..c1fcf34a4 --- /dev/null +++ b/server/tests/api/check-params/users.js
@@ -0,0 +1,284 @@
	1	'use strict'
	2
	3	const request = require('supertest')
	4	const series = require('async/series')
	5
	6	const loginUtils = require('../../utils/login')
	7	const requestsUtils = require('../../utils/requests')
	8	const serversUtils = require('../../utils/servers')
	9	const usersUtils = require('../../utils/users')
	10
	11	describe('Test users API validators', function () {
	12	const path = '/api/v1/users/'
	13	let userId = null
	14	let rootId = null
	15	let server = null
	16	let userAccessToken = null
	17
	18	// ---------------------------------------------------------------
	19
	20	before(function (done) {
	21	this.timeout(20000)
	22
	23	series([
	24	function (next) {
	25	serversUtils.flushTests(next)
	26	},
	27	function (next) {
	28	serversUtils.runServer(1, function (server1) {
	29	server = server1
	30
	31	next()
	32	})
	33	},
	34	function (next) {
	35	loginUtils.loginAndGetAccessToken(server, function (err, token) {
	36	if (err) throw err
	37	server.accessToken = token
	38
	39	next()
	40	})
	41	},
	42	function (next) {
	43	const username = 'user1'
	44	const password = 'my super password'
	45
	46	usersUtils.createUser(server.url, server.accessToken, username, password, next)
	47	},
	48	function (next) {
	49	const user = {
	50	username: 'user1',
	51	password: 'my super password'
	52	}
	53
	54	loginUtils.getUserAccessToken(server, user, function (err, accessToken) {
	55	if (err) throw err
	56
	57	userAccessToken = accessToken
	58
	59	next()
	60	})
	61	}
	62	], done)
	63	})
	64
	65	describe('When listing users', function () {
	66	it('Should fail with a bad start pagination', function (done) {
	67	request(server.url)
	68	.get(path)
	69	.query({ start: 'hello' })
	70	.set('Accept', 'application/json')
	71	.expect(400, done)
	72	})
	73
	74	it('Should fail with a bad count pagination', function (done) {
	75	request(server.url)
	76	.get(path)
	77	.query({ count: 'hello' })
	78	.set('Accept', 'application/json')
	79	.expect(400, done)
	80	})
	81
	82	it('Should fail with an incorrect sort', function (done) {
	83	request(server.url)
	84	.get(path)
	85	.query({ sort: 'hello' })
	86	.set('Accept', 'application/json')
	87	.expect(400, done)
	88	})
	89	})
	90
	91	describe('When adding a new user', function () {
	92	it('Should fail with a too small username', function (done) {
	93	const data = {
	94	username: 'ji',
	95	password: 'mysuperpassword'
	96	}
	97
	98	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	99	})
	100
	101	it('Should fail with a too long username', function (done) {
	102	const data = {
	103	username: 'mysuperusernamewhichisverylong',
	104	password: 'mysuperpassword'
	105	}
	106
	107	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	108	})
	109
	110	it('Should fail with an incorrect username', function (done) {
	111	const data = {
	112	username: 'my username',
	113	password: 'mysuperpassword'
	114	}
	115
	116	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	117	})
	118
	119	it('Should fail with a too small password', function (done) {
	120	const data = {
	121	username: 'myusername',
	122	password: 'bla'
	123	}
	124
	125	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	126	})
	127
	128	it('Should fail with a too long password', function (done) {
	129	const data = {
	130	username: 'myusername',
	131	password: 'my super long password which is very very very very very very very very very very very very very very' +
	132	'very very very very very very very very very very very very very very very veryv very very very very' +
	133	'very very very very very very very very very very very very very very very very very very very very long'
	134	}
	135
	136	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
	137	})
	138
	139	it('Should fail with an non authenticated user', function (done) {
	140	const data = {
	141	username: 'myusername',
	142	password: 'my super password'
	143	}
	144
	145	requestsUtils.makePostBodyRequest(server.url, path, 'super token', data, done, 401)
	146	})
	147
	148	it('Should fail if we add a user with the same username', function (done) {
	149	const data = {
	150	username: 'user1',
	151	password: 'my super password'
	152	}
	153
	154	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
	155	})
	156
	157	it('Should succeed with the correct params', function (done) {
	158	const data = {
	159	username: 'user2',
	160	password: 'my super password'
	161	}
	162
	163	requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
	164	})
	165
	166	it('Should fail with a non admin user', function (done) {
	167	server.user = {
	168	username: 'user1',
	169	password: 'my super password'
	170	}
	171
	172	loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
	173	if (err) throw err
	174
	175	userAccessToken = accessToken
	176
	177	const data = {
	178	username: 'user3',
	179	password: 'my super password'
	180	}
	181
	182	requestsUtils.makePostBodyRequest(server.url, path, userAccessToken, data, done, 403)
	183	})
	184	})
	185	})
	186
	187	describe('When updating a user', function () {
	188	before(function (done) {
	189	usersUtils.getUsersList(server.url, function (err, res) {
	190	if (err) throw err
	191
	192	userId = res.body.data[1].id
	193	rootId = res.body.data[2].id
	194	done()
	195	})
	196	})
	197
	198	it('Should fail with a too small password', function (done) {
	199	const data = {
	200	password: 'bla'
	201	}
	202
	203	requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
	204	})
	205
	206	it('Should fail with a too long password', function (done) {
	207	const data = {
	208	password: 'my super long password which is very very very very very very very very very very very very very very' +
	209	'very very very very very very very very very very very very very very very veryv very very very very' +
	210	'very very very very very very very very very very very very very very very very very very very very long'
	211	}
	212
	213	requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
	214	})
	215
	216	it('Should fail with an non authenticated user', function (done) {
	217	const data = {
	218	password: 'my super password'
	219	}
	220
	221	requestsUtils.makePutBodyRequest(server.url, path + userId, 'super token', data, done, 401)
	222	})
	223
	224	it('Should succeed with the correct params', function (done) {
	225	const data = {
	226	password: 'my super password'
	227	}
	228
	229	requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done, 204)
	230	})
	231	})
	232
	233	describe('When getting my information', function () {
	234	it('Should fail with a non authenticated user', function (done) {
	235	request(server.url)
	236	.get(path + 'me')
	237	.set('Authorization', 'Bearer faketoken')
	238	.set('Accept', 'application/json')
	239	.expect(401, done)
	240	})
	241
	242	it('Should success with the correct parameters', function (done) {
	243	request(server.url)
	244	.get(path + 'me')
	245	.set('Authorization', 'Bearer ' + userAccessToken)
	246	.set('Accept', 'application/json')
	247	.expect(200, done)
	248	})
	249	})
	250
	251	describe('When removing an user', function () {
	252	it('Should fail with an incorrect id', function (done) {
	253	request(server.url)
	254	.delete(path + 'bla-bla')
	255	.set('Authorization', 'Bearer ' + server.accessToken)
	256	.expect(400, done)
	257	})
	258
	259	it('Should fail with the root user', function (done) {
	260	request(server.url)
	261	.delete(path + rootId)
	262	.set('Authorization', 'Bearer ' + server.accessToken)
	263	.expect(400, done)
	264	})
	265
	266	it('Should return 404 with a non existing id', function (done) {
	267	request(server.url)
	268	.delete(path + '45')
	269	.set('Authorization', 'Bearer ' + server.accessToken)
	270	.expect(404, done)
	271	})
	272	})
	273
	274	after(function (done) {
	275	process.kill(-server.app.pid)
	276
	277	// Keep the logs if the test failed
	278	if (this.ok) {
	279	serversUtils.flushTests(done)
	280	} else {
	281	done()
	282	}
	283	})
	284	})