aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/tests/api/checkParams.js
diff options
context:
space:
mode:
Diffstat (limited to 'server/tests/api/checkParams.js')
-rw-r--r--server/tests/api/checkParams.js268
1 files changed, 250 insertions, 18 deletions
diff --git a/server/tests/api/checkParams.js b/server/tests/api/checkParams.js
index c1ba9c2c0..bd7227e9c 100644
--- a/server/tests/api/checkParams.js
+++ b/server/tests/api/checkParams.js
@@ -11,9 +11,8 @@ const utils = require('./utils')
11describe('Test parameters validator', function () { 11describe('Test parameters validator', function () {
12 let server = null 12 let server = null
13 13
14 function makePostRequest (path, token, fields, attaches, done, fail) { 14 function makePostRequest (path, token, fields, attaches, done, statusCodeExpected) {
15 let statusCode = 400 15 if (!statusCodeExpected) statusCodeExpected = 400
16 if (fail !== undefined && fail === false) statusCode = 204
17 16
18 const req = request(server.url) 17 const req = request(server.url)
19 .post(path) 18 .post(path)
@@ -38,18 +37,31 @@ describe('Test parameters validator', function () {
38 req.attach(attach, value) 37 req.attach(attach, value)
39 }) 38 })
40 39
41 req.expect(statusCode, done) 40 req.expect(statusCodeExpected, done)
42 } 41 }
43 42
44 function makePostBodyRequest (path, fields, done, fail) { 43 function makePostBodyRequest (path, token, fields, done, statusCodeExpected) {
45 let statusCode = 400 44 if (!statusCodeExpected) statusCodeExpected = 400
46 if (fail !== undefined && fail === false) statusCode = 200
47 45
48 request(server.url) 46 const req = request(server.url)
49 .post(path) 47 .post(path)
50 .set('Accept', 'application/json') 48 .set('Accept', 'application/json')
51 .send(fields) 49
52 .expect(statusCode, done) 50 if (token) req.set('Authorization', 'Bearer ' + token)
51
52 req.send(fields).expect(statusCodeExpected, done)
53 }
54
55 function makePutBodyRequest (path, token, fields, done, statusCodeExpected) {
56 if (!statusCodeExpected) statusCodeExpected = 400
57
58 const req = request(server.url)
59 .put(path)
60 .set('Accept', 'application/json')
61
62 if (token) req.set('Authorization', 'Bearer ' + token)
63
64 req.send(fields).expect(statusCodeExpected, done)
53 } 65 }
54 66
55 // --------------------------------------------------------------- 67 // ---------------------------------------------------------------
@@ -85,21 +97,21 @@ describe('Test parameters validator', function () {
85 describe('When adding a pod', function () { 97 describe('When adding a pod', function () {
86 it('Should fail with nothing', function (done) { 98 it('Should fail with nothing', function (done) {
87 const data = {} 99 const data = {}
88 makePostBodyRequest(path, data, done) 100 makePostBodyRequest(path, null, data, done)
89 }) 101 })
90 102
91 it('Should fail without public key', function (done) { 103 it('Should fail without public key', function (done) {
92 const data = { 104 const data = {
93 url: 'http://coucou.com' 105 url: 'http://coucou.com'
94 } 106 }
95 makePostBodyRequest(path, data, done) 107 makePostBodyRequest(path, null, data, done)
96 }) 108 })
97 109
98 it('Should fail without an url', function (done) { 110 it('Should fail without an url', function (done) {
99 const data = { 111 const data = {
100 publicKey: 'mysuperpublickey' 112 publicKey: 'mysuperpublickey'
101 } 113 }
102 makePostBodyRequest(path, data, done) 114 makePostBodyRequest(path, null, data, done)
103 }) 115 })
104 116
105 it('Should fail with an incorrect url', function (done) { 117 it('Should fail with an incorrect url', function (done) {
@@ -107,11 +119,11 @@ describe('Test parameters validator', function () {
107 url: 'coucou.com', 119 url: 'coucou.com',
108 publicKey: 'mysuperpublickey' 120 publicKey: 'mysuperpublickey'
109 } 121 }
110 makePostBodyRequest(path, data, function () { 122 makePostBodyRequest(path, null, data, function () {
111 data.url = 'http://coucou' 123 data.url = 'http://coucou'
112 makePostBodyRequest(path, data, function () { 124 makePostBodyRequest(path, null, data, function () {
113 data.url = 'coucou' 125 data.url = 'coucou'
114 makePostBodyRequest(path, data, done) 126 makePostBodyRequest(path, null, data, done)
115 }) 127 })
116 }) 128 })
117 }) 129 })
@@ -121,7 +133,68 @@ describe('Test parameters validator', function () {
121 url: 'http://coucou.com', 133 url: 'http://coucou.com',
122 publicKey: 'mysuperpublickey' 134 publicKey: 'mysuperpublickey'
123 } 135 }
124 makePostBodyRequest(path, data, done, false) 136 makePostBodyRequest(path, null, data, done, 200)
137 })
138 })
139
140 describe('For the friends API', function () {
141 let userAccessToken = null
142
143 before(function (done) {
144 utils.createUser(server.url, server.accessToken, 'user1', 'password', function () {
145 server.user = {
146 username: 'user1',
147 password: 'password'
148 }
149
150 utils.loginAndGetAccessToken(server, function (err, accessToken) {
151 if (err) throw err
152
153 userAccessToken = accessToken
154
155 done()
156 })
157 })
158 })
159
160 describe('When making friends', function () {
161 it('Should fail with a invalid token', function (done) {
162 request(server.url)
163 .get(path + '/makefriends')
164 .query({ start: 'hello' })
165 .set('Authorization', 'Bearer faketoken')
166 .set('Accept', 'application/json')
167 .expect(401, done)
168 })
169
170 it('Should fail if the user is not an administrator', function (done) {
171 request(server.url)
172 .get(path + '/makefriends')
173 .query({ start: 'hello' })
174 .set('Authorization', 'Bearer ' + userAccessToken)
175 .set('Accept', 'application/json')
176 .expect(403, done)
177 })
178 })
179
180 describe('When quitting friends', function () {
181 it('Should fail with a invalid token', function (done) {
182 request(server.url)
183 .get(path + '/quitfriends')
184 .query({ start: 'hello' })
185 .set('Authorization', 'Bearer faketoken')
186 .set('Accept', 'application/json')
187 .expect(401, done)
188 })
189
190 it('Should fail if the user is not an administrator', function (done) {
191 request(server.url)
192 .get(path + '/quitfriends')
193 .query({ start: 'hello' })
194 .set('Authorization', 'Bearer ' + userAccessToken)
195 .set('Accept', 'application/json')
196 .expect(403, done)
197 })
125 }) 198 })
126 }) 199 })
127 }) 200 })
@@ -361,7 +434,7 @@ describe('Test parameters validator', function () {
361 attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.mp4') 434 attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.mp4')
362 makePostRequest(path, server.accessToken, data, attach, function () { 435 makePostRequest(path, server.accessToken, data, attach, function () {
363 attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.ogv') 436 attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.ogv')
364 makePostRequest(path, server.accessToken, data, attach, done, false) 437 makePostRequest(path, server.accessToken, data, attach, done, 204)
365 }, false) 438 }, false)
366 }, false) 439 }, false)
367 }) 440 })
@@ -429,6 +502,165 @@ describe('Test parameters validator', function () {
429 }) 502 })
430 }) 503 })
431 504
505 describe('Of the users API', function () {
506 const path = '/api/v1/users/'
507
508 describe('When adding a new user', function () {
509 it('Should fail with a too small username', function (done) {
510 const data = {
511 username: 'ji',
512 password: 'mysuperpassword'
513 }
514
515 makePostBodyRequest(path, server.accessToken, data, done)
516 })
517
518 it('Should fail with a too long username', function (done) {
519 const data = {
520 username: 'mysuperusernamewhichisverylong',
521 password: 'mysuperpassword'
522 }
523
524 makePostBodyRequest(path, server.accessToken, data, done)
525 })
526
527 it('Should fail with an incorrect username', function (done) {
528 const data = {
529 username: 'my username',
530 password: 'mysuperpassword'
531 }
532
533 makePostBodyRequest(path, server.accessToken, data, done)
534 })
535
536 it('Should fail with a too small password', function (done) {
537 const data = {
538 username: 'myusername',
539 password: 'bla'
540 }
541
542 makePostBodyRequest(path, server.accessToken, data, done)
543 })
544
545 it('Should fail with a too long password', function (done) {
546 const data = {
547 username: 'myusername',
548 password: 'my super long password which is very very very very very very very very very very very very very very' +
549 'very very very very very very very very very very very very very very very veryv very very very very' +
550 'very very very very very very very very very very very very very very very very very very very very long'
551 }
552
553 makePostBodyRequest(path, server.accessToken, data, done)
554 })
555
556 it('Should fail with an non authenticated user', function (done) {
557 const data = {
558 username: 'myusername',
559 password: 'my super password'
560 }
561
562 makePostBodyRequest(path, 'super token', data, done, 401)
563 })
564
565 it('Should succeed with the correct params', function (done) {
566 const data = {
567 username: 'user1',
568 password: 'my super password'
569 }
570
571 makePostBodyRequest(path, server.accessToken, data, done, 204)
572 })
573
574 it('Should fail with a non admin user', function (done) {
575 server.user = {
576 username: 'user1',
577 password: 'my super password'
578 }
579
580 utils.loginAndGetAccessToken(server, function (err, accessToken) {
581 if (err) throw err
582
583 const data = {
584 username: 'user2',
585 password: 'my super password'
586 }
587
588 makePostBodyRequest(path, accessToken, data, done, 403)
589 })
590 })
591 })
592
593 describe('When updating a user', function () {
594 let userId = null
595
596 before(function (done) {
597 utils.getUsersList(server.url, function (err, res) {
598 if (err) throw err
599
600 userId = res.body.data[1].id
601 done()
602 })
603 })
604
605 it('Should fail with a too small password', function (done) {
606 const data = {
607 password: 'bla'
608 }
609
610 makePutBodyRequest(path + '/' + userId, server.accessToken, data, done)
611 })
612
613 it('Should fail with a too long password', function (done) {
614 const data = {
615 password: 'my super long password which is very very very very very very very very very very very very very very' +
616 'very very very very very very very very very very very very very very very veryv very very very very' +
617 'very very very very very very very very very very very very very very very very very very very very long'
618 }
619
620 makePutBodyRequest(path + '/' + userId, server.accessToken, data, done)
621 })
622
623 it('Should fail with an non authenticated user', function (done) {
624 const data = {
625 password: 'my super password'
626 }
627
628 makePutBodyRequest(path + '/' + userId, 'super token', data, done, 401)
629 })
630
631 it('Should succeed with the correct params', function (done) {
632 const data = {
633 password: 'my super password'
634 }
635
636 makePutBodyRequest(path + '/' + userId, server.accessToken, data, done, 204)
637 })
638 })
639
640 describe('When removing an user', function () {
641 it('Should fail with an incorrect username', function (done) {
642 request(server.url)
643 .delete(path + 'bla-bla')
644 .set('Authorization', 'Bearer ' + server.accessToken)
645 .expect(400, done)
646 })
647
648 it('Should return 404 with a non existing username', function (done) {
649 request(server.url)
650 .delete(path + 'qzzerg')
651 .set('Authorization', 'Bearer ' + server.accessToken)
652 .expect(404, done)
653 })
654
655 it('Should success with the correct parameters', function (done) {
656 request(server.url)
657 .delete(path + 'user1')
658 .set('Authorization', 'Bearer ' + server.accessToken)
659 .expect(204, done)
660 })
661 })
662 })
663
432 describe('Of the remote videos API', function () { 664 describe('Of the remote videos API', function () {
433 describe('When making a secure request', function () { 665 describe('When making a secure request', function () {
434 it('Should check a secure request') 666 it('Should check a secure request')