aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/tests/api/check-params/users.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/tests/api/check-params/users.ts')
-rw-r--r--server/tests/api/check-params/users.ts502
1 files changed, 502 insertions, 0 deletions
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
new file mode 100644
index 000000000..643a82afd
--- /dev/null
+++ b/server/tests/api/check-params/users.ts
@@ -0,0 +1,502 @@
1/* tslint:disable:no-unused-expression */
2
3import * as request from 'supertest'
4import 'mocha'
5
6import {
7 ServerInfo,
8 flushTests,
9 runServer,
10 uploadVideo,
11 getVideosList,
12 makePutBodyRequest,
13 createUser,
14 loginAndGetAccessToken,
15 getUsersList,
16 registerUser,
17 setAccessTokensToServers,
18 killallServers,
19 makePostBodyRequest,
20 getUserAccessToken
21} from '../../utils'
22
23describe('Test users API validators', function () {
24 const path = '/api/v1/users/'
25 let userId: number
26 let rootId: number
27 let videoId: number
28 let server: ServerInfo
29 let serverWithRegistrationDisabled: ServerInfo
30 let userAccessToken = ''
31
32 // ---------------------------------------------------------------
33
34 before(async function () {
35 this.timeout(120000)
36
37 await flushTests()
38
39 server = await runServer(1)
40 serverWithRegistrationDisabled = await runServer(2)
41
42 await setAccessTokensToServers([ server ])
43
44 const username = 'user1'
45 const password = 'my super password'
46 await createUser(server.url, server.accessToken, username, password)
47
48 const videoAttributes = {}
49 await uploadVideo(server.url, server.accessToken, videoAttributes)
50
51 const res = await getVideosList(server.url)
52 const videos = res.body.data
53 videoId = videos[0].id
54
55 const user = {
56 username: 'user1',
57 password: 'my super password'
58 }
59 userAccessToken = await getUserAccessToken(server, user)
60 })
61
62 describe('When listing users', function () {
63 it('Should fail with a bad start pagination', async function () {
64 await request(server.url)
65 .get(path)
66 .query({ start: 'hello' })
67 .set('Accept', 'application/json')
68 .expect(400)
69 })
70
71 it('Should fail with a bad count pagination', async function () {
72 await request(server.url)
73 .get(path)
74 .query({ count: 'hello' })
75 .set('Accept', 'application/json')
76 .expect(400)
77 })
78
79 it('Should fail with an incorrect sort', async function () {
80 await request(server.url)
81 .get(path)
82 .query({ sort: 'hello' })
83 .set('Accept', 'application/json')
84 .expect(400)
85 })
86 })
87
88 describe('When adding a new user', function () {
89 it('Should fail with a too small username', async function () {
90 const fields = {
91 username: 'ji',
92 email: 'test@example.com',
93 password: 'my_super_password'
94 }
95
96 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
97 })
98
99 it('Should fail with a too long username', async function () {
100 const fields = {
101 username: 'my_super_username_which_is_very_long',
102 email: 'test@example.com',
103 password: 'my_super_password'
104 }
105
106 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
107 })
108
109 it('Should fail with an incorrect username', async function () {
110 const fields = {
111 username: 'my username',
112 email: 'test@example.com',
113 password: 'my_super_password'
114 }
115
116 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
117 })
118
119 it('Should fail with a missing email', async function () {
120 const fields = {
121 username: 'ji',
122 password: 'my_super_password'
123 }
124
125 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
126 })
127
128 it('Should fail with an invalid email', async function () {
129 const fields = {
130 username: 'my_super_username_which_is_very_long',
131 email: 'test_example.com',
132 password: 'my_super_password'
133 }
134
135 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
136 })
137
138 it('Should fail with a too small password', async function () {
139 const fields = {
140 username: 'my_username',
141 email: 'test@example.com',
142 password: 'bla'
143 }
144
145 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
146 })
147
148 it('Should fail with a too long password', async function () {
149 const fields = {
150 username: 'my_username',
151 email: 'test@example.com',
152 password: 'my super long password which is very very very very very very very very very very very very very very' +
153 'very very very very very very very very very very very very very very very veryv very very very very' +
154 'very very very very very very very very very very very very very very very very very very very very long'
155 }
156
157 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
158 })
159
160 it('Should fail with an non authenticated user', async function () {
161 const fields = {
162 username: 'my_username',
163 email: 'test@example.com',
164 password: 'my super password'
165 }
166
167 await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 })
168 })
169
170 it('Should fail if we add a user with the same username', async function () {
171 const fields = {
172 username: 'user1',
173 email: 'test@example.com',
174 password: 'my super password'
175 }
176
177 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
178 })
179
180 it('Should fail if we add a user with the same email', async function () {
181 const fields = {
182 username: 'my_username',
183 email: 'user1@example.com',
184 password: 'my super password'
185 }
186
187 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
188 })
189
190 it('Should succeed with the correct params', async function () {
191 const fields = {
192 username: 'user2',
193 email: 'test@example.com',
194 password: 'my super password'
195 }
196
197 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
198 })
199
200 it('Should fail with a non admin user', async function () {
201 server.user = {
202 username: 'user1',
203 email: 'test@example.com',
204 password: 'my super password'
205 }
206
207 userAccessToken = await loginAndGetAccessToken(server)
208 const fields = {
209 username: 'user3',
210 email: 'test@example.com',
211 password: 'my super password'
212 }
213 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
214 })
215 })
216
217 describe('When updating a user', function () {
218 before(async function () {
219 const res = await getUsersList(server.url)
220
221 userId = res.body.data[1].id
222 rootId = res.body.data[2].id
223 })
224
225 it('Should fail with a too small password', async function () {
226 const fields = {
227 password: 'bla'
228 }
229
230 await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields })
231 })
232
233 it('Should fail with a too long password', async function () {
234 const fields = {
235 password: 'my super long password which is very very very very very very very very very very very very very very' +
236 'very very very very very very very very very very very very very very very veryv very very very very' +
237 'very very very very very very very very very very very very very very very very very very very very long'
238 }
239
240 await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields })
241 })
242
243 it('Should fail with an invalid display NSFW attribute', async function () {
244 const fields = {
245 displayNSFW: -1
246 }
247
248 await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields })
249 })
250
251 it('Should fail with an non authenticated user', async function () {
252 const fields = {
253 password: 'my super password'
254 }
255
256 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
257 })
258
259 it('Should succeed with the correct params', async function () {
260 const fields = {
261 password: 'my super password',
262 displayNSFW: true
263 }
264
265 await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields, statusCodeExpected: 204 })
266 })
267 })
268
269 describe('When getting my information', function () {
270 it('Should fail with a non authenticated user', async function () {
271 await request(server.url)
272 .get(path + 'me')
273 .set('Authorization', 'Bearer fake_token')
274 .set('Accept', 'application/json')
275 .expect(401)
276 })
277
278 it('Should success with the correct parameters', async function () {
279 await request(server.url)
280 .get(path + 'me')
281 .set('Authorization', 'Bearer ' + userAccessToken)
282 .set('Accept', 'application/json')
283 .expect(200)
284 })
285 })
286
287 describe('When getting my video rating', function () {
288 it('Should fail with a non authenticated user', async function () {
289 await request(server.url)
290 .get(path + 'me/videos/' + videoId + '/rating')
291 .set('Authorization', 'Bearer fake_token')
292 .set('Accept', 'application/json')
293 .expect(401)
294 })
295
296 it('Should fail with an incorrect video uuid', async function () {
297 await request(server.url)
298 .get(path + 'me/videos/blabla/rating')
299 .set('Authorization', 'Bearer ' + userAccessToken)
300 .set('Accept', 'application/json')
301 .expect(400)
302 })
303
304 it('Should fail with an unknown video', async function () {
305 await request(server.url)
306 .get(path + 'me/videos/4da6fde3-88f7-4d16-b119-108df5630b06/rating')
307 .set('Authorization', 'Bearer ' + userAccessToken)
308 .set('Accept', 'application/json')
309 .expect(404)
310 })
311
312 it('Should success with the correct parameters', async function () {
313 await request(server.url)
314 .get(path + 'me/videos/' + videoId + '/rating')
315 .set('Authorization', 'Bearer ' + userAccessToken)
316 .set('Accept', 'application/json')
317 .expect(200)
318 })
319 })
320
321 describe('When removing an user', function () {
322 it('Should fail with an incorrect id', async function () {
323 await request(server.url)
324 .delete(path + 'bla-bla')
325 .set('Authorization', 'Bearer ' + server.accessToken)
326 .expect(400)
327 })
328
329 it('Should fail with the root user', async function () {
330 await request(server.url)
331 .delete(path + rootId)
332 .set('Authorization', 'Bearer ' + server.accessToken)
333 .expect(400)
334 })
335
336 it('Should return 404 with a non existing id', async function () {
337 await request(server.url)
338 .delete(path + '45')
339 .set('Authorization', 'Bearer ' + server.accessToken)
340 .expect(404)
341 })
342 })
343
344 describe('When removing an user', function () {
345 it('Should fail with an incorrect id', async function () {
346 await request(server.url)
347 .delete(path + 'bla-bla')
348 .set('Authorization', 'Bearer ' + server.accessToken)
349 .expect(400)
350 })
351
352 it('Should fail with the root user', async function () {
353 await request(server.url)
354 .delete(path + rootId)
355 .set('Authorization', 'Bearer ' + server.accessToken)
356 .expect(400)
357 })
358
359 it('Should return 404 with a non existing id', async function () {
360 await request(server.url)
361 .delete(path + '45')
362 .set('Authorization', 'Bearer ' + server.accessToken)
363 .expect(404)
364 })
365 })
366
367 describe('When register a new user', function () {
368 const registrationPath = path + '/register'
369
370 it('Should fail with a too small username', async function () {
371 const fields = {
372 username: 'ji',
373 email: 'test@example.com',
374 password: 'my_super_password'
375 }
376
377 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
378 })
379
380 it('Should fail with a too long username', async function () {
381 const fields = {
382 username: 'my_super_username_which_is_very_long',
383 email: 'test@example.com',
384 password: 'my_super_password'
385 }
386
387 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
388 })
389
390 it('Should fail with an incorrect username', async function () {
391 const fields = {
392 username: 'my username',
393 email: 'test@example.com',
394 password: 'my_super_password'
395 }
396
397 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
398 })
399
400 it('Should fail with a missing email', async function () {
401 const fields = {
402 username: 'ji',
403 password: 'my_super_password'
404 }
405
406 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
407 })
408
409 it('Should fail with an invalid email', async function () {
410 const fields = {
411 username: 'my_super_username_which_is_very_long',
412 email: 'test_example.com',
413 password: 'my_super_password'
414 }
415
416 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
417 })
418
419 it('Should fail with a too small password', async function () {
420 const fields = {
421 username: 'my_username',
422 email: 'test@example.com',
423 password: 'bla'
424 }
425
426 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
427 })
428
429 it('Should fail with a too long password', async function () {
430 const fields = {
431 username: 'my_username',
432 email: 'test@example.com',
433 password: 'my super long password which is very very very very very very very very very very very very very very' +
434 'very very very very very very very very very very very very very very very veryv very very very very' +
435 'very very very very very very very very very very very very very very very very very very very very long'
436 }
437
438 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
439 })
440
441 it('Should fail if we register a user with the same username', async function () {
442 const fields = {
443 username: 'root',
444 email: 'test@example.com',
445 password: 'my super password'
446 }
447
448 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
449 })
450
451 it('Should fail if we register a user with the same email', async function () {
452 const fields = {
453 username: 'my_username',
454 email: 'admin1@example.com',
455 password: 'my super password'
456 }
457
458 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
459 })
460
461 it('Should succeed with the correct params', async function () {
462 const fields = {
463 username: 'user3',
464 email: 'test3@example.com',
465 password: 'my super password'
466 }
467
468 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 204 })
469 })
470
471 it('Should fail on a server with registration disabled', async function () {
472 const fields = {
473 username: 'user4',
474 email: 'test4@example.com',
475 password: 'my super password 4'
476 }
477
478 await makePostBodyRequest({
479 url: serverWithRegistrationDisabled.url,
480 path: registrationPath,
481 token: serverWithRegistrationDisabled.accessToken,
482 fields,
483 statusCodeExpected: 403
484 })
485 })
486 })
487
488 describe('When registering multiple users on a server with users limit', function () {
489 it('Should fail when after 3 registrations', async function () {
490 await registerUser(server.url, 'user42', 'super password', 403)
491 })
492 })
493
494 after(async function () {
495 killallServers([ server, serverWithRegistrationDisabled ])
496
497 // Keep the logs if the test failed
498 if (this['ok']) {
499 await flushTests()
500 }
501 })
502})