aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/tests/api/check-params/users.js
diff options
context:
space:
mode:
Diffstat (limited to 'server/tests/api/check-params/users.js')
-rw-r--r--server/tests/api/check-params/users.js284
1 files changed, 284 insertions, 0 deletions
diff --git a/server/tests/api/check-params/users.js b/server/tests/api/check-params/users.js
new file mode 100644
index 000000000..c1fcf34a4
--- /dev/null
+++ b/server/tests/api/check-params/users.js
@@ -0,0 +1,284 @@
1'use strict'
2
3const request = require('supertest')
4const series = require('async/series')
5
6const loginUtils = require('../../utils/login')
7const requestsUtils = require('../../utils/requests')
8const serversUtils = require('../../utils/servers')
9const usersUtils = require('../../utils/users')
10
11describe('Test users API validators', function () {
12 const path = '/api/v1/users/'
13 let userId = null
14 let rootId = null
15 let server = null
16 let userAccessToken = null
17
18 // ---------------------------------------------------------------
19
20 before(function (done) {
21 this.timeout(20000)
22
23 series([
24 function (next) {
25 serversUtils.flushTests(next)
26 },
27 function (next) {
28 serversUtils.runServer(1, function (server1) {
29 server = server1
30
31 next()
32 })
33 },
34 function (next) {
35 loginUtils.loginAndGetAccessToken(server, function (err, token) {
36 if (err) throw err
37 server.accessToken = token
38
39 next()
40 })
41 },
42 function (next) {
43 const username = 'user1'
44 const password = 'my super password'
45
46 usersUtils.createUser(server.url, server.accessToken, username, password, next)
47 },
48 function (next) {
49 const user = {
50 username: 'user1',
51 password: 'my super password'
52 }
53
54 loginUtils.getUserAccessToken(server, user, function (err, accessToken) {
55 if (err) throw err
56
57 userAccessToken = accessToken
58
59 next()
60 })
61 }
62 ], done)
63 })
64
65 describe('When listing users', function () {
66 it('Should fail with a bad start pagination', function (done) {
67 request(server.url)
68 .get(path)
69 .query({ start: 'hello' })
70 .set('Accept', 'application/json')
71 .expect(400, done)
72 })
73
74 it('Should fail with a bad count pagination', function (done) {
75 request(server.url)
76 .get(path)
77 .query({ count: 'hello' })
78 .set('Accept', 'application/json')
79 .expect(400, done)
80 })
81
82 it('Should fail with an incorrect sort', function (done) {
83 request(server.url)
84 .get(path)
85 .query({ sort: 'hello' })
86 .set('Accept', 'application/json')
87 .expect(400, done)
88 })
89 })
90
91 describe('When adding a new user', function () {
92 it('Should fail with a too small username', function (done) {
93 const data = {
94 username: 'ji',
95 password: 'mysuperpassword'
96 }
97
98 requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
99 })
100
101 it('Should fail with a too long username', function (done) {
102 const data = {
103 username: 'mysuperusernamewhichisverylong',
104 password: 'mysuperpassword'
105 }
106
107 requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
108 })
109
110 it('Should fail with an incorrect username', function (done) {
111 const data = {
112 username: 'my username',
113 password: 'mysuperpassword'
114 }
115
116 requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
117 })
118
119 it('Should fail with a too small password', function (done) {
120 const data = {
121 username: 'myusername',
122 password: 'bla'
123 }
124
125 requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
126 })
127
128 it('Should fail with a too long password', function (done) {
129 const data = {
130 username: 'myusername',
131 password: 'my super long password which is very very very very very very very very very very very very very very' +
132 'very very very very very very very very very very very very very very very veryv very very very very' +
133 'very very very very very very very very very very very very very very very very very very very very long'
134 }
135
136 requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done)
137 })
138
139 it('Should fail with an non authenticated user', function (done) {
140 const data = {
141 username: 'myusername',
142 password: 'my super password'
143 }
144
145 requestsUtils.makePostBodyRequest(server.url, path, 'super token', data, done, 401)
146 })
147
148 it('Should fail if we add a user with the same username', function (done) {
149 const data = {
150 username: 'user1',
151 password: 'my super password'
152 }
153
154 requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
155 })
156
157 it('Should succeed with the correct params', function (done) {
158 const data = {
159 username: 'user2',
160 password: 'my super password'
161 }
162
163 requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
164 })
165
166 it('Should fail with a non admin user', function (done) {
167 server.user = {
168 username: 'user1',
169 password: 'my super password'
170 }
171
172 loginUtils.loginAndGetAccessToken(server, function (err, accessToken) {
173 if (err) throw err
174
175 userAccessToken = accessToken
176
177 const data = {
178 username: 'user3',
179 password: 'my super password'
180 }
181
182 requestsUtils.makePostBodyRequest(server.url, path, userAccessToken, data, done, 403)
183 })
184 })
185 })
186
187 describe('When updating a user', function () {
188 before(function (done) {
189 usersUtils.getUsersList(server.url, function (err, res) {
190 if (err) throw err
191
192 userId = res.body.data[1].id
193 rootId = res.body.data[2].id
194 done()
195 })
196 })
197
198 it('Should fail with a too small password', function (done) {
199 const data = {
200 password: 'bla'
201 }
202
203 requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
204 })
205
206 it('Should fail with a too long password', function (done) {
207 const data = {
208 password: 'my super long password which is very very very very very very very very very very very very very very' +
209 'very very very very very very very very very very very very very very very veryv very very very very' +
210 'very very very very very very very very very very very very very very very very very very very very long'
211 }
212
213 requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done)
214 })
215
216 it('Should fail with an non authenticated user', function (done) {
217 const data = {
218 password: 'my super password'
219 }
220
221 requestsUtils.makePutBodyRequest(server.url, path + userId, 'super token', data, done, 401)
222 })
223
224 it('Should succeed with the correct params', function (done) {
225 const data = {
226 password: 'my super password'
227 }
228
229 requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done, 204)
230 })
231 })
232
233 describe('When getting my information', function () {
234 it('Should fail with a non authenticated user', function (done) {
235 request(server.url)
236 .get(path + 'me')
237 .set('Authorization', 'Bearer faketoken')
238 .set('Accept', 'application/json')
239 .expect(401, done)
240 })
241
242 it('Should success with the correct parameters', function (done) {
243 request(server.url)
244 .get(path + 'me')
245 .set('Authorization', 'Bearer ' + userAccessToken)
246 .set('Accept', 'application/json')
247 .expect(200, done)
248 })
249 })
250
251 describe('When removing an user', function () {
252 it('Should fail with an incorrect id', function (done) {
253 request(server.url)
254 .delete(path + 'bla-bla')
255 .set('Authorization', 'Bearer ' + server.accessToken)
256 .expect(400, done)
257 })
258
259 it('Should fail with the root user', function (done) {
260 request(server.url)
261 .delete(path + rootId)
262 .set('Authorization', 'Bearer ' + server.accessToken)
263 .expect(400, done)
264 })
265
266 it('Should return 404 with a non existing id', function (done) {
267 request(server.url)
268 .delete(path + '45')
269 .set('Authorization', 'Bearer ' + server.accessToken)
270 .expect(404, done)
271 })
272 })
273
274 after(function (done) {
275 process.kill(-server.app.pid)
276
277 // Keep the logs if the test failed
278 if (this.ok) {
279 serversUtils.flushTests(done)
280 } else {
281 done()
282 }
283 })
284})