diff options
Diffstat (limited to 'server/tests/api/check-params/users.ts')
-rw-r--r-- | server/tests/api/check-params/users.ts | 502 |
1 files changed, 502 insertions, 0 deletions
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts new file mode 100644 index 000000000..643a82afd --- /dev/null +++ b/server/tests/api/check-params/users.ts | |||
@@ -0,0 +1,502 @@ | |||
1 | /* tslint:disable:no-unused-expression */ | ||
2 | |||
3 | import * as request from 'supertest' | ||
4 | import 'mocha' | ||
5 | |||
6 | import { | ||
7 | ServerInfo, | ||
8 | flushTests, | ||
9 | runServer, | ||
10 | uploadVideo, | ||
11 | getVideosList, | ||
12 | makePutBodyRequest, | ||
13 | createUser, | ||
14 | loginAndGetAccessToken, | ||
15 | getUsersList, | ||
16 | registerUser, | ||
17 | setAccessTokensToServers, | ||
18 | killallServers, | ||
19 | makePostBodyRequest, | ||
20 | getUserAccessToken | ||
21 | } from '../../utils' | ||
22 | |||
23 | describe('Test users API validators', function () { | ||
24 | const path = '/api/v1/users/' | ||
25 | let userId: number | ||
26 | let rootId: number | ||
27 | let videoId: number | ||
28 | let server: ServerInfo | ||
29 | let serverWithRegistrationDisabled: ServerInfo | ||
30 | let userAccessToken = '' | ||
31 | |||
32 | // --------------------------------------------------------------- | ||
33 | |||
34 | before(async function () { | ||
35 | this.timeout(120000) | ||
36 | |||
37 | await flushTests() | ||
38 | |||
39 | server = await runServer(1) | ||
40 | serverWithRegistrationDisabled = await runServer(2) | ||
41 | |||
42 | await setAccessTokensToServers([ server ]) | ||
43 | |||
44 | const username = 'user1' | ||
45 | const password = 'my super password' | ||
46 | await createUser(server.url, server.accessToken, username, password) | ||
47 | |||
48 | const videoAttributes = {} | ||
49 | await uploadVideo(server.url, server.accessToken, videoAttributes) | ||
50 | |||
51 | const res = await getVideosList(server.url) | ||
52 | const videos = res.body.data | ||
53 | videoId = videos[0].id | ||
54 | |||
55 | const user = { | ||
56 | username: 'user1', | ||
57 | password: 'my super password' | ||
58 | } | ||
59 | userAccessToken = await getUserAccessToken(server, user) | ||
60 | }) | ||
61 | |||
62 | describe('When listing users', function () { | ||
63 | it('Should fail with a bad start pagination', async function () { | ||
64 | await request(server.url) | ||
65 | .get(path) | ||
66 | .query({ start: 'hello' }) | ||
67 | .set('Accept', 'application/json') | ||
68 | .expect(400) | ||
69 | }) | ||
70 | |||
71 | it('Should fail with a bad count pagination', async function () { | ||
72 | await request(server.url) | ||
73 | .get(path) | ||
74 | .query({ count: 'hello' }) | ||
75 | .set('Accept', 'application/json') | ||
76 | .expect(400) | ||
77 | }) | ||
78 | |||
79 | it('Should fail with an incorrect sort', async function () { | ||
80 | await request(server.url) | ||
81 | .get(path) | ||
82 | .query({ sort: 'hello' }) | ||
83 | .set('Accept', 'application/json') | ||
84 | .expect(400) | ||
85 | }) | ||
86 | }) | ||
87 | |||
88 | describe('When adding a new user', function () { | ||
89 | it('Should fail with a too small username', async function () { | ||
90 | const fields = { | ||
91 | username: 'ji', | ||
92 | email: 'test@example.com', | ||
93 | password: 'my_super_password' | ||
94 | } | ||
95 | |||
96 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
97 | }) | ||
98 | |||
99 | it('Should fail with a too long username', async function () { | ||
100 | const fields = { | ||
101 | username: 'my_super_username_which_is_very_long', | ||
102 | email: 'test@example.com', | ||
103 | password: 'my_super_password' | ||
104 | } | ||
105 | |||
106 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
107 | }) | ||
108 | |||
109 | it('Should fail with an incorrect username', async function () { | ||
110 | const fields = { | ||
111 | username: 'my username', | ||
112 | email: 'test@example.com', | ||
113 | password: 'my_super_password' | ||
114 | } | ||
115 | |||
116 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
117 | }) | ||
118 | |||
119 | it('Should fail with a missing email', async function () { | ||
120 | const fields = { | ||
121 | username: 'ji', | ||
122 | password: 'my_super_password' | ||
123 | } | ||
124 | |||
125 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
126 | }) | ||
127 | |||
128 | it('Should fail with an invalid email', async function () { | ||
129 | const fields = { | ||
130 | username: 'my_super_username_which_is_very_long', | ||
131 | email: 'test_example.com', | ||
132 | password: 'my_super_password' | ||
133 | } | ||
134 | |||
135 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
136 | }) | ||
137 | |||
138 | it('Should fail with a too small password', async function () { | ||
139 | const fields = { | ||
140 | username: 'my_username', | ||
141 | email: 'test@example.com', | ||
142 | password: 'bla' | ||
143 | } | ||
144 | |||
145 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
146 | }) | ||
147 | |||
148 | it('Should fail with a too long password', async function () { | ||
149 | const fields = { | ||
150 | username: 'my_username', | ||
151 | email: 'test@example.com', | ||
152 | password: 'my super long password which is very very very very very very very very very very very very very very' + | ||
153 | 'very very very very very very very very very very very very very very very veryv very very very very' + | ||
154 | 'very very very very very very very very very very very very very very very very very very very very long' | ||
155 | } | ||
156 | |||
157 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
158 | }) | ||
159 | |||
160 | it('Should fail with an non authenticated user', async function () { | ||
161 | const fields = { | ||
162 | username: 'my_username', | ||
163 | email: 'test@example.com', | ||
164 | password: 'my super password' | ||
165 | } | ||
166 | |||
167 | await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 }) | ||
168 | }) | ||
169 | |||
170 | it('Should fail if we add a user with the same username', async function () { | ||
171 | const fields = { | ||
172 | username: 'user1', | ||
173 | email: 'test@example.com', | ||
174 | password: 'my super password' | ||
175 | } | ||
176 | |||
177 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) | ||
178 | }) | ||
179 | |||
180 | it('Should fail if we add a user with the same email', async function () { | ||
181 | const fields = { | ||
182 | username: 'my_username', | ||
183 | email: 'user1@example.com', | ||
184 | password: 'my super password' | ||
185 | } | ||
186 | |||
187 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) | ||
188 | }) | ||
189 | |||
190 | it('Should succeed with the correct params', async function () { | ||
191 | const fields = { | ||
192 | username: 'user2', | ||
193 | email: 'test@example.com', | ||
194 | password: 'my super password' | ||
195 | } | ||
196 | |||
197 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) | ||
198 | }) | ||
199 | |||
200 | it('Should fail with a non admin user', async function () { | ||
201 | server.user = { | ||
202 | username: 'user1', | ||
203 | email: 'test@example.com', | ||
204 | password: 'my super password' | ||
205 | } | ||
206 | |||
207 | userAccessToken = await loginAndGetAccessToken(server) | ||
208 | const fields = { | ||
209 | username: 'user3', | ||
210 | email: 'test@example.com', | ||
211 | password: 'my super password' | ||
212 | } | ||
213 | await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 }) | ||
214 | }) | ||
215 | }) | ||
216 | |||
217 | describe('When updating a user', function () { | ||
218 | before(async function () { | ||
219 | const res = await getUsersList(server.url) | ||
220 | |||
221 | userId = res.body.data[1].id | ||
222 | rootId = res.body.data[2].id | ||
223 | }) | ||
224 | |||
225 | it('Should fail with a too small password', async function () { | ||
226 | const fields = { | ||
227 | password: 'bla' | ||
228 | } | ||
229 | |||
230 | await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields }) | ||
231 | }) | ||
232 | |||
233 | it('Should fail with a too long password', async function () { | ||
234 | const fields = { | ||
235 | password: 'my super long password which is very very very very very very very very very very very very very very' + | ||
236 | 'very very very very very very very very very very very very very very very veryv very very very very' + | ||
237 | 'very very very very very very very very very very very very very very very very very very very very long' | ||
238 | } | ||
239 | |||
240 | await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields }) | ||
241 | }) | ||
242 | |||
243 | it('Should fail with an invalid display NSFW attribute', async function () { | ||
244 | const fields = { | ||
245 | displayNSFW: -1 | ||
246 | } | ||
247 | |||
248 | await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields }) | ||
249 | }) | ||
250 | |||
251 | it('Should fail with an non authenticated user', async function () { | ||
252 | const fields = { | ||
253 | password: 'my super password' | ||
254 | } | ||
255 | |||
256 | await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 }) | ||
257 | }) | ||
258 | |||
259 | it('Should succeed with the correct params', async function () { | ||
260 | const fields = { | ||
261 | password: 'my super password', | ||
262 | displayNSFW: true | ||
263 | } | ||
264 | |||
265 | await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields, statusCodeExpected: 204 }) | ||
266 | }) | ||
267 | }) | ||
268 | |||
269 | describe('When getting my information', function () { | ||
270 | it('Should fail with a non authenticated user', async function () { | ||
271 | await request(server.url) | ||
272 | .get(path + 'me') | ||
273 | .set('Authorization', 'Bearer fake_token') | ||
274 | .set('Accept', 'application/json') | ||
275 | .expect(401) | ||
276 | }) | ||
277 | |||
278 | it('Should success with the correct parameters', async function () { | ||
279 | await request(server.url) | ||
280 | .get(path + 'me') | ||
281 | .set('Authorization', 'Bearer ' + userAccessToken) | ||
282 | .set('Accept', 'application/json') | ||
283 | .expect(200) | ||
284 | }) | ||
285 | }) | ||
286 | |||
287 | describe('When getting my video rating', function () { | ||
288 | it('Should fail with a non authenticated user', async function () { | ||
289 | await request(server.url) | ||
290 | .get(path + 'me/videos/' + videoId + '/rating') | ||
291 | .set('Authorization', 'Bearer fake_token') | ||
292 | .set('Accept', 'application/json') | ||
293 | .expect(401) | ||
294 | }) | ||
295 | |||
296 | it('Should fail with an incorrect video uuid', async function () { | ||
297 | await request(server.url) | ||
298 | .get(path + 'me/videos/blabla/rating') | ||
299 | .set('Authorization', 'Bearer ' + userAccessToken) | ||
300 | .set('Accept', 'application/json') | ||
301 | .expect(400) | ||
302 | }) | ||
303 | |||
304 | it('Should fail with an unknown video', async function () { | ||
305 | await request(server.url) | ||
306 | .get(path + 'me/videos/4da6fde3-88f7-4d16-b119-108df5630b06/rating') | ||
307 | .set('Authorization', 'Bearer ' + userAccessToken) | ||
308 | .set('Accept', 'application/json') | ||
309 | .expect(404) | ||
310 | }) | ||
311 | |||
312 | it('Should success with the correct parameters', async function () { | ||
313 | await request(server.url) | ||
314 | .get(path + 'me/videos/' + videoId + '/rating') | ||
315 | .set('Authorization', 'Bearer ' + userAccessToken) | ||
316 | .set('Accept', 'application/json') | ||
317 | .expect(200) | ||
318 | }) | ||
319 | }) | ||
320 | |||
321 | describe('When removing an user', function () { | ||
322 | it('Should fail with an incorrect id', async function () { | ||
323 | await request(server.url) | ||
324 | .delete(path + 'bla-bla') | ||
325 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
326 | .expect(400) | ||
327 | }) | ||
328 | |||
329 | it('Should fail with the root user', async function () { | ||
330 | await request(server.url) | ||
331 | .delete(path + rootId) | ||
332 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
333 | .expect(400) | ||
334 | }) | ||
335 | |||
336 | it('Should return 404 with a non existing id', async function () { | ||
337 | await request(server.url) | ||
338 | .delete(path + '45') | ||
339 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
340 | .expect(404) | ||
341 | }) | ||
342 | }) | ||
343 | |||
344 | describe('When removing an user', function () { | ||
345 | it('Should fail with an incorrect id', async function () { | ||
346 | await request(server.url) | ||
347 | .delete(path + 'bla-bla') | ||
348 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
349 | .expect(400) | ||
350 | }) | ||
351 | |||
352 | it('Should fail with the root user', async function () { | ||
353 | await request(server.url) | ||
354 | .delete(path + rootId) | ||
355 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
356 | .expect(400) | ||
357 | }) | ||
358 | |||
359 | it('Should return 404 with a non existing id', async function () { | ||
360 | await request(server.url) | ||
361 | .delete(path + '45') | ||
362 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
363 | .expect(404) | ||
364 | }) | ||
365 | }) | ||
366 | |||
367 | describe('When register a new user', function () { | ||
368 | const registrationPath = path + '/register' | ||
369 | |||
370 | it('Should fail with a too small username', async function () { | ||
371 | const fields = { | ||
372 | username: 'ji', | ||
373 | email: 'test@example.com', | ||
374 | password: 'my_super_password' | ||
375 | } | ||
376 | |||
377 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | ||
378 | }) | ||
379 | |||
380 | it('Should fail with a too long username', async function () { | ||
381 | const fields = { | ||
382 | username: 'my_super_username_which_is_very_long', | ||
383 | email: 'test@example.com', | ||
384 | password: 'my_super_password' | ||
385 | } | ||
386 | |||
387 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | ||
388 | }) | ||
389 | |||
390 | it('Should fail with an incorrect username', async function () { | ||
391 | const fields = { | ||
392 | username: 'my username', | ||
393 | email: 'test@example.com', | ||
394 | password: 'my_super_password' | ||
395 | } | ||
396 | |||
397 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | ||
398 | }) | ||
399 | |||
400 | it('Should fail with a missing email', async function () { | ||
401 | const fields = { | ||
402 | username: 'ji', | ||
403 | password: 'my_super_password' | ||
404 | } | ||
405 | |||
406 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | ||
407 | }) | ||
408 | |||
409 | it('Should fail with an invalid email', async function () { | ||
410 | const fields = { | ||
411 | username: 'my_super_username_which_is_very_long', | ||
412 | email: 'test_example.com', | ||
413 | password: 'my_super_password' | ||
414 | } | ||
415 | |||
416 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | ||
417 | }) | ||
418 | |||
419 | it('Should fail with a too small password', async function () { | ||
420 | const fields = { | ||
421 | username: 'my_username', | ||
422 | email: 'test@example.com', | ||
423 | password: 'bla' | ||
424 | } | ||
425 | |||
426 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | ||
427 | }) | ||
428 | |||
429 | it('Should fail with a too long password', async function () { | ||
430 | const fields = { | ||
431 | username: 'my_username', | ||
432 | email: 'test@example.com', | ||
433 | password: 'my super long password which is very very very very very very very very very very very very very very' + | ||
434 | 'very very very very very very very very very very very very very very very veryv very very very very' + | ||
435 | 'very very very very very very very very very very very very very very very very very very very very long' | ||
436 | } | ||
437 | |||
438 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | ||
439 | }) | ||
440 | |||
441 | it('Should fail if we register a user with the same username', async function () { | ||
442 | const fields = { | ||
443 | username: 'root', | ||
444 | email: 'test@example.com', | ||
445 | password: 'my super password' | ||
446 | } | ||
447 | |||
448 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 }) | ||
449 | }) | ||
450 | |||
451 | it('Should fail if we register a user with the same email', async function () { | ||
452 | const fields = { | ||
453 | username: 'my_username', | ||
454 | email: 'admin1@example.com', | ||
455 | password: 'my super password' | ||
456 | } | ||
457 | |||
458 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 }) | ||
459 | }) | ||
460 | |||
461 | it('Should succeed with the correct params', async function () { | ||
462 | const fields = { | ||
463 | username: 'user3', | ||
464 | email: 'test3@example.com', | ||
465 | password: 'my super password' | ||
466 | } | ||
467 | |||
468 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 204 }) | ||
469 | }) | ||
470 | |||
471 | it('Should fail on a server with registration disabled', async function () { | ||
472 | const fields = { | ||
473 | username: 'user4', | ||
474 | email: 'test4@example.com', | ||
475 | password: 'my super password 4' | ||
476 | } | ||
477 | |||
478 | await makePostBodyRequest({ | ||
479 | url: serverWithRegistrationDisabled.url, | ||
480 | path: registrationPath, | ||
481 | token: serverWithRegistrationDisabled.accessToken, | ||
482 | fields, | ||
483 | statusCodeExpected: 403 | ||
484 | }) | ||
485 | }) | ||
486 | }) | ||
487 | |||
488 | describe('When registering multiple users on a server with users limit', function () { | ||
489 | it('Should fail when after 3 registrations', async function () { | ||
490 | await registerUser(server.url, 'user42', 'super password', 403) | ||
491 | }) | ||
492 | }) | ||
493 | |||
494 | after(async function () { | ||
495 | killallServers([ server, serverWithRegistrationDisabled ]) | ||
496 | |||
497 | // Keep the logs if the test failed | ||
498 | if (this['ok']) { | ||
499 | await flushTests() | ||
500 | } | ||
501 | }) | ||
502 | }) | ||