3 files changed, 393 insertions, 20 deletions
diff --git a/server/tests/api/checkParams.js b/server/tests/api/checkParams.js
index c1ba9c2c0..bd7227e9c 100644
--- a/server/tests/api/checkParams.js
+++ b/server/tests/api/checkParams.js
@@ -11,9 +11,8 @@ const utils = require('./utils')
 describe('Test parameters validator', function () {
  let server = null
-  function makePostRequest (path, token, fields, attaches, done, fail) {
+  function makePostRequest (path, token, fields, attaches, done, statusCodeExpected) {
-    let statusCode = 400
+    if (!statusCodeExpected) statusCodeExpected = 400
-    if (fail !== undefined && fail === false) statusCode = 204
    const req = request(server.url)
      .post(path)
@@ -38,18 +37,31 @@ describe('Test parameters validator', function () {
      req.attach(attach, value)
    })
-    req.expect(statusCode, done)
+    req.expect(statusCodeExpected, done)
  }
-  function makePostBodyRequest (path, fields, done, fail) {
+  function makePostBodyRequest (path, token, fields, done, statusCodeExpected) {
-    let statusCode = 400
+    if (!statusCodeExpected) statusCodeExpected = 400
-    if (fail !== undefined && fail === false) statusCode = 200
-    request(server.url)
+    const req = request(server.url)
      .post(path)
      .set('Accept', 'application/json')
-      .send(fields)
-      .expect(statusCode, done)
+    if (token) req.set('Authorization', 'Bearer ' + token)
+    req.send(fields).expect(statusCodeExpected, done)
+  }
+  function makePutBodyRequest (path, token, fields, done, statusCodeExpected) {
+    if (!statusCodeExpected) statusCodeExpected = 400
+    const req = request(server.url)
+      .put(path)
+      .set('Accept', 'application/json')
+    if (token) req.set('Authorization', 'Bearer ' + token)
+    req.send(fields).expect(statusCodeExpected, done)
  }
  // ---------------------------------------------------------------
@@ -85,21 +97,21 @@ describe('Test parameters validator', function () {
    describe('When adding a pod', function () {
      it('Should fail with nothing', function (done) {
        const data = {}
-        makePostBodyRequest(path, data, done)
+        makePostBodyRequest(path, null, data, done)
      })
      it('Should fail without public key', function (done) {
        const data = {
          url: 'http://coucou.com'
        }
-        makePostBodyRequest(path, data, done)
+        makePostBodyRequest(path, null, data, done)
      })
      it('Should fail without an url', function (done) {
        const data = {
          publicKey: 'mysuperpublickey'
        }
-        makePostBodyRequest(path, data, done)
+        makePostBodyRequest(path, null, data, done)
      })
      it('Should fail with an incorrect url', function (done) {
@@ -107,11 +119,11 @@ describe('Test parameters validator', function () {
          url: 'coucou.com',
          publicKey: 'mysuperpublickey'
        }
-        makePostBodyRequest(path, data, function () {
+        makePostBodyRequest(path, null, data, function () {
          data.url = 'http://coucou'
-          makePostBodyRequest(path, data, function () {
+          makePostBodyRequest(path, null, data, function () {
            data.url = 'coucou'
-            makePostBodyRequest(path, data, done)
+            makePostBodyRequest(path, null, data, done)
          })
        })
      })
@@ -121,7 +133,68 @@ describe('Test parameters validator', function () {
          url: 'http://coucou.com',
          publicKey: 'mysuperpublickey'
        }
-        makePostBodyRequest(path, data, done, false)
+        makePostBodyRequest(path, null, data, done, 200)
+      })
+    })
+    describe('For the friends API', function () {
+      let userAccessToken = null
+      before(function (done) {
+        utils.createUser(server.url, server.accessToken, 'user1', 'password', function () {
+          server.user = {
+            username: 'user1',
+            password: 'password'
+          }
+          utils.loginAndGetAccessToken(server, function (err, accessToken) {
+            if (err) throw err
+            userAccessToken = accessToken
+            done()
+          })
+        })
+      })
+      describe('When making friends', function () {
+        it('Should fail with a invalid token', function (done) {
+          request(server.url)
+            .get(path + '/makefriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer faketoken')
+            .set('Accept', 'application/json')
+            .expect(401, done)
+        })
+        it('Should fail if the user is not an administrator', function (done) {
+          request(server.url)
+            .get(path + '/makefriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer ' + userAccessToken)
+            .set('Accept', 'application/json')
+            .expect(403, done)
+        })
+      })
+      describe('When quitting friends', function () {
+        it('Should fail with a invalid token', function (done) {
+          request(server.url)
+            .get(path + '/quitfriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer faketoken')
+            .set('Accept', 'application/json')
+            .expect(401, done)
+        })
+        it('Should fail if the user is not an administrator', function (done) {
+          request(server.url)
+            .get(path + '/quitfriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer ' + userAccessToken)
+            .set('Accept', 'application/json')
+            .expect(403, done)
+        })
      })
    })
  })
@@ -361,7 +434,7 @@ describe('Test parameters validator', function () {
          attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.mp4')
          makePostRequest(path, server.accessToken, data, attach, function () {
            attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.ogv')
-            makePostRequest(path, server.accessToken, data, attach, done, false)
+            makePostRequest(path, server.accessToken, data, attach, done, 204)
          }, false)
        }, false)
      })
@@ -429,6 +502,165 @@ describe('Test parameters validator', function () {
    })
  })
+  describe('Of the users API', function () {
+    const path = '/api/v1/users/'
+    describe('When adding a new user', function () {
+      it('Should fail with a too small username', function (done) {
+        const data = {
+          username: 'ji',
+          password: 'mysuperpassword'
+        }
+        makePostBodyRequest(path, server.accessToken, data, done)
+      })
+      it('Should fail with a too long username', function (done) {
+        const data = {
+          username: 'mysuperusernamewhichisverylong',
+          password: 'mysuperpassword'
+        }
+        makePostBodyRequest(path, server.accessToken, data, done)
+      })
+      it('Should fail with an incorrect username', function (done) {
+        const data = {
+          username: 'my username',
+          password: 'mysuperpassword'
+        }
+        makePostBodyRequest(path, server.accessToken, data, done)
+      })
+      it('Should fail with a too small password', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'bla'
+        }
+        makePostBodyRequest(path, server.accessToken, data, done)
+      })
+      it('Should fail with a too long password', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'my super long password which is very very very very very very very very very very very very very very' +
+                    'very very very very very very very very very very very very very very very veryv very very very very' +
+                    'very very very very very very very very very very very very very very very very very very very very long'
+        }
+        makePostBodyRequest(path, server.accessToken, data, done)
+      })
+      it('Should fail with an non authenticated user', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'my super password'
+        }
+        makePostBodyRequest(path, 'super token', data, done, 401)
+      })
+      it('Should succeed with the correct params', function (done) {
+        const data = {
+          username: 'user1',
+          password: 'my super password'
+        }
+        makePostBodyRequest(path, server.accessToken, data, done, 204)
+      })
+      it('Should fail with a non admin user', function (done) {
+        server.user = {
+          username: 'user1',
+          password: 'my super password'
+        }
+        utils.loginAndGetAccessToken(server, function (err, accessToken) {
+          if (err) throw err
+          const data = {
+            username: 'user2',
+            password: 'my super password'
+          }
+          makePostBodyRequest(path, accessToken, data, done, 403)
+        })
+      })
+    })
+    describe('When updating a user', function () {
+      let userId = null
+      before(function (done) {
+        utils.getUsersList(server.url, function (err, res) {
+          if (err) throw err
+          userId = res.body.data[1].id
+          done()
+        })
+      })
+      it('Should fail with a too small password', function (done) {
+        const data = {
+          password: 'bla'
+        }
+        makePutBodyRequest(path + '/' + userId, server.accessToken, data, done)
+      })
+      it('Should fail with a too long password', function (done) {
+        const data = {
+          password: 'my super long password which is very very very very very very very very very very very very very very' +
+                    'very very very very very very very very very very very very very very very veryv very very very very' +
+                    'very very very very very very very very very very very very very very very very very very very very long'
+        }
+        makePutBodyRequest(path + '/' + userId, server.accessToken, data, done)
+      })
+      it('Should fail with an non authenticated user', function (done) {
+        const data = {
+          password: 'my super password'
+        }
+        makePutBodyRequest(path + '/' + userId, 'super token', data, done, 401)
+      })
+      it('Should succeed with the correct params', function (done) {
+        const data = {
+          password: 'my super password'
+        }
+        makePutBodyRequest(path + '/' + userId, server.accessToken, data, done, 204)
+      })
+    })
+    describe('When removing an user', function () {
+      it('Should fail with an incorrect username', function (done) {
+        request(server.url)
+          .delete(path + 'bla-bla')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(400, done)
+      })
+      it('Should return 404 with a non existing username', function (done) {
+        request(server.url)
+          .delete(path + 'qzzerg')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(404, done)
+      })
+      it('Should success with the correct parameters', function (done) {
+        request(server.url)
+          .delete(path + 'user1')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(204, done)
+      })
+    })
+  })
  describe('Of the remote videos API', function () {
    describe('When making a secure request', function () {
      it('Should check a secure request')
diff --git a/server/tests/api/users.js b/server/tests/api/users.js
index 68ba9de33..c711d6b64 100644
--- a/server/tests/api/users.js
+++ b/server/tests/api/users.js
@@ -13,7 +13,9 @@ const utils = require('./utils')
 describe('Test users', function () {
  let server = null
  let accessToken = null
-  let videoId
+  let accessTokenUser = null
+  let videoId = null
+  let userId = null
  before(function (done) {
    this.timeout(20000)
@@ -158,6 +160,85 @@ describe('Test users', function () {
  it('Should be able to upload a video again')
+  it('Should be able to create a new user', function (done) {
+    utils.createUser(server.url, accessToken, 'user_1', 'super password', done)
+  })
+  it('Should be able to login with this user', function (done) {
+    server.user = {
+      username: 'user_1',
+      password: 'super password'
+    }
+    utils.loginAndGetAccessToken(server, function (err, token) {
+      if (err) throw err
+      accessTokenUser = token
+      done()
+    })
+  })
+  it('Should be able to upload a video with this user', function (done) {
+    this.timeout(5000)
+    const name = 'my super name'
+    const description = 'my super description'
+    const tags = [ 'tag1', 'tag2', 'tag3' ]
+    const file = 'video_short.webm'
+    utils.uploadVideo(server.url, accessTokenUser, name, description, tags, file, done)
+  })
+  it('Should list all the users', function (done) {
+    utils.getUsersList(server.url, function (err, res) {
+      if (err) throw err
+      const users = res.body.data
+      expect(users).to.be.an('array')
+      expect(users.length).to.equal(2)
+      const rootUser = users[0]
+      expect(rootUser.username).to.equal('root')
+      const user = users[1]
+      expect(user.username).to.equal('user_1')
+      userId = user.id
+      done()
+    })
+  })
+  it('Should update the user password', function (done) {
+    utils.updateUser(server.url, userId, accessTokenUser, 'new password', function (err, res) {
+      if (err) throw err
+      server.user.password = 'new password'
+      utils.login(server.url, server.client, server.user, 200, done)
+    })
+  })
+  it('Should be able to remove this user', function (done) {
+    utils.removeUser(server.url, accessToken, 'user_1', done)
+  })
+  it('Should not be able to login with this user', function (done) {
+    // server.user is already set to user 1
+    utils.login(server.url, server.client, server.user, 400, done)
+  })
+  it('Should not have videos of this user', function (done) {
+    utils.getVideosList(server.url, function (err, res) {
+      if (err) throw err
+      expect(res.body.total).to.equal(1)
+      const video = res.body.data[0]
+      expect(video.author).to.equal('root')
+      done()
+    })
+  })
  after(function (done) {
    process.kill(-server.app.pid)
diff --git a/server/tests/api/utils.js b/server/tests/api/utils.js
index 3cc769f26..f34b81e4a 100644
--- a/server/tests/api/utils.js
+++ b/server/tests/api/utils.js
@@ -8,11 +8,13 @@ const pathUtils = require('path')
 const request = require('supertest')
 const testUtils = {
+  createUser: createUser,
  dateIsValid: dateIsValid,
  flushTests: flushTests,
  getAllVideosListBy: getAllVideosListBy,
  getClient: getClient,
  getFriendsList: getFriendsList,
+  getUsersList: getUsersList,
  getVideo: getVideo,
  getVideosList: getVideosList,
  getVideosListPagination: getVideosListPagination,
@@ -21,6 +23,7 @@ const testUtils = {
  loginAndGetAccessToken: loginAndGetAccessToken,
  makeFriends: makeFriends,
  quitFriends: quitFriends,
+  removeUser: removeUser,
  removeVideo: removeVideo,
  flushAndRunMultipleServers: flushAndRunMultipleServers,
  runServer: runServer,
@@ -28,11 +31,29 @@ const testUtils = {
  searchVideoWithPagination: searchVideoWithPagination,
  searchVideoWithSort: searchVideoWithSort,
  testImage: testImage,
-  uploadVideo: uploadVideo
+  uploadVideo: uploadVideo,
+  updateUser: updateUser
 }
 // ---------------------- Export functions --------------------
+function createUser (url, accessToken, username, password, specialStatus, end) {
+  if (!end) {
+    end = specialStatus
+    specialStatus = 204
+  }
+  const path = '/api/v1/users'
+  request(url)
+    .post(path)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .send({ username: username, password: password })
+    .expect(specialStatus)
+    .end(end)
+}
 function dateIsValid (dateString) {
  const dateToCheck = new Date(dateString)
  const now = new Date()
@@ -72,6 +93,17 @@ function getClient (url, end) {
    .end(end)
 }
+function getUsersList (url, end) {
+  const path = '/api/v1/users'
+  request(url)
+    .get(path)
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
 function getFriendsList (url, end) {
  const path = '/api/v1/pods/'
@@ -209,6 +241,22 @@ function quitFriends (url, accessToken, expectedStatus, callback) {
    })
 }
+function removeUser (url, token, username, expectedStatus, end) {
+  if (!end) {
+    end = expectedStatus
+    expectedStatus = 204
+  }
+  const path = '/api/v1/users'
+  request(url)
+    .delete(path + '/' + username)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + token)
+    .expect(expectedStatus)
+    .end(end)
+}
 function removeVideo (url, token, id, expectedStatus, end) {
  if (!end) {
    end = expectedStatus
@@ -414,6 +462,18 @@ function uploadVideo (url, accessToken, name, description, tags, fixture, specia
     .end(end)
 }
+function updateUser (url, userId, accessToken, newPassword, end) {
+  const path = '/api/v1/users/' + userId
+  request(url)
+    .put(path)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .send({ password: newPassword })
+    .expect(200)
+    .end(end)
+}
 // ---------------------------------------------------------------------------
 module.exports = testUtils

diff --git a/server/tests/api/checkParams.js b/server/tests/api/checkParams.js index c1ba9c2c0..bd7227e9c 100644 --- a/server/tests/api/checkParams.js +++ b/server/tests/api/checkParams.js
@@ -11,9 +11,8 @@ const utils = require('./utils')
11	describe('Test parameters validator', function () {	11	describe('Test parameters validator', function () {
12	let server = null	12	let server = null
13		13
14	function makePostRequest (path, token, fields, attaches, done, fail) {	14	function makePostRequest (path, token, fields, attaches, done, statusCodeExpected) {
15	let statusCode = 400	15	if (!statusCodeExpected) statusCodeExpected = 400
16	if (fail !== undefined && fail === false) statusCode = 204
17		16
18	const req = request(server.url)	17	const req = request(server.url)
19	.post(path)	18	.post(path)
@@ -38,18 +37,31 @@ describe('Test parameters validator', function () {
38	req.attach(attach, value)	37	req.attach(attach, value)
39	})	38	})
40		39
41	req.expect(statusCode, done)	40	req.expect(statusCodeExpected, done)
42	}	41	}
43		42
44	function makePostBodyRequest (path, fields, done, fail) {	43	function makePostBodyRequest (path, token, fields, done, statusCodeExpected) {
45	let statusCode = 400	44	if (!statusCodeExpected) statusCodeExpected = 400
46	if (fail !== undefined && fail === false) statusCode = 200
47		45
48	request(server.url)	46	const req = request(server.url)
49	.post(path)	47	.post(path)
50	.set('Accept', 'application/json')	48	.set('Accept', 'application/json')
51	.send(fields)	49
52	.expect(statusCode, done)	50	if (token) req.set('Authorization', 'Bearer ' + token)
		51
		52	req.send(fields).expect(statusCodeExpected, done)
		53	}
		54
		55	function makePutBodyRequest (path, token, fields, done, statusCodeExpected) {
		56	if (!statusCodeExpected) statusCodeExpected = 400
		57
		58	const req = request(server.url)
		59	.put(path)
		60	.set('Accept', 'application/json')
		61
		62	if (token) req.set('Authorization', 'Bearer ' + token)
		63
		64	req.send(fields).expect(statusCodeExpected, done)
53	}	65	}
54		66
55	// ---------------------------------------------------------------	67	// ---------------------------------------------------------------
@@ -85,21 +97,21 @@ describe('Test parameters validator', function () {
85	describe('When adding a pod', function () {	97	describe('When adding a pod', function () {
86	it('Should fail with nothing', function (done) {	98	it('Should fail with nothing', function (done) {
87	const data = {}	99	const data = {}
88	makePostBodyRequest(path, data, done)	100	makePostBodyRequest(path, null, data, done)
89	})	101	})
90		102
91	it('Should fail without public key', function (done) {	103	it('Should fail without public key', function (done) {
92	const data = {	104	const data = {
93	url: 'http://coucou.com'	105	url: 'http://coucou.com'
94	}	106	}
95	makePostBodyRequest(path, data, done)	107	makePostBodyRequest(path, null, data, done)
96	})	108	})
97		109
98	it('Should fail without an url', function (done) {	110	it('Should fail without an url', function (done) {
99	const data = {	111	const data = {
100	publicKey: 'mysuperpublickey'	112	publicKey: 'mysuperpublickey'
101	}	113	}
102	makePostBodyRequest(path, data, done)	114	makePostBodyRequest(path, null, data, done)
103	})	115	})
104		116
105	it('Should fail with an incorrect url', function (done) {	117	it('Should fail with an incorrect url', function (done) {
@@ -107,11 +119,11 @@ describe('Test parameters validator', function () {
107	url: 'coucou.com',	119	url: 'coucou.com',
108	publicKey: 'mysuperpublickey'	120	publicKey: 'mysuperpublickey'
109	}	121	}
110	makePostBodyRequest(path, data, function () {	122	makePostBodyRequest(path, null, data, function () {
111	data.url = 'http://coucou'	123	data.url = 'http://coucou'
112	makePostBodyRequest(path, data, function () {	124	makePostBodyRequest(path, null, data, function () {
113	data.url = 'coucou'	125	data.url = 'coucou'
114	makePostBodyRequest(path, data, done)	126	makePostBodyRequest(path, null, data, done)
115	})	127	})
116	})	128	})
117	})	129	})
@@ -121,7 +133,68 @@ describe('Test parameters validator', function () {
121	url: 'http://coucou.com',	133	url: 'http://coucou.com',
122	publicKey: 'mysuperpublickey'	134	publicKey: 'mysuperpublickey'
123	}	135	}
124	makePostBodyRequest(path, data, done, false)	136	makePostBodyRequest(path, null, data, done, 200)
		137	})
		138	})
		139
		140	describe('For the friends API', function () {
		141	let userAccessToken = null
		142
		143	before(function (done) {
		144	utils.createUser(server.url, server.accessToken, 'user1', 'password', function () {
		145	server.user = {
		146	username: 'user1',
		147	password: 'password'
		148	}
		149
		150	utils.loginAndGetAccessToken(server, function (err, accessToken) {
		151	if (err) throw err
		152
		153	userAccessToken = accessToken
		154
		155	done()
		156	})
		157	})
		158	})
		159
		160	describe('When making friends', function () {
		161	it('Should fail with a invalid token', function (done) {
		162	request(server.url)
		163	.get(path + '/makefriends')
		164	.query({ start: 'hello' })
		165	.set('Authorization', 'Bearer faketoken')
		166	.set('Accept', 'application/json')
		167	.expect(401, done)
		168	})
		169
		170	it('Should fail if the user is not an administrator', function (done) {
		171	request(server.url)
		172	.get(path + '/makefriends')
		173	.query({ start: 'hello' })
		174	.set('Authorization', 'Bearer ' + userAccessToken)
		175	.set('Accept', 'application/json')
		176	.expect(403, done)
		177	})
		178	})
		179
		180	describe('When quitting friends', function () {
		181	it('Should fail with a invalid token', function (done) {
		182	request(server.url)
		183	.get(path + '/quitfriends')
		184	.query({ start: 'hello' })
		185	.set('Authorization', 'Bearer faketoken')
		186	.set('Accept', 'application/json')
		187	.expect(401, done)
		188	})
		189
		190	it('Should fail if the user is not an administrator', function (done) {
		191	request(server.url)
		192	.get(path + '/quitfriends')
		193	.query({ start: 'hello' })
		194	.set('Authorization', 'Bearer ' + userAccessToken)
		195	.set('Accept', 'application/json')
		196	.expect(403, done)
		197	})
125	})	198	})
126	})	199	})
127	})	200	})
@@ -361,7 +434,7 @@ describe('Test parameters validator', function () {
361	attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.mp4')	434	attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.mp4')
362	makePostRequest(path, server.accessToken, data, attach, function () {	435	makePostRequest(path, server.accessToken, data, attach, function () {
363	attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.ogv')	436	attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.ogv')
364	makePostRequest(path, server.accessToken, data, attach, done, false)	437	makePostRequest(path, server.accessToken, data, attach, done, 204)
365	}, false)	438	}, false)
366	}, false)	439	}, false)
367	})	440	})
@@ -429,6 +502,165 @@ describe('Test parameters validator', function () {
429	})	502	})
430	})	503	})
431		504
		505	describe('Of the users API', function () {
		506	const path = '/api/v1/users/'
		507
		508	describe('When adding a new user', function () {
		509	it('Should fail with a too small username', function (done) {
		510	const data = {
		511	username: 'ji',
		512	password: 'mysuperpassword'
		513	}
		514
		515	makePostBodyRequest(path, server.accessToken, data, done)
		516	})
		517
		518	it('Should fail with a too long username', function (done) {
		519	const data = {
		520	username: 'mysuperusernamewhichisverylong',
		521	password: 'mysuperpassword'
		522	}
		523
		524	makePostBodyRequest(path, server.accessToken, data, done)
		525	})
		526
		527	it('Should fail with an incorrect username', function (done) {
		528	const data = {
		529	username: 'my username',
		530	password: 'mysuperpassword'
		531	}
		532
		533	makePostBodyRequest(path, server.accessToken, data, done)
		534	})
		535
		536	it('Should fail with a too small password', function (done) {
		537	const data = {
		538	username: 'myusername',
		539	password: 'bla'
		540	}
		541
		542	makePostBodyRequest(path, server.accessToken, data, done)
		543	})
		544
		545	it('Should fail with a too long password', function (done) {
		546	const data = {
		547	username: 'myusername',
		548	password: 'my super long password which is very very very very very very very very very very very very very very' +
		549	'very very very very very very very very very very very very very very very veryv very very very very' +
		550	'very very very very very very very very very very very very very very very very very very very very long'
		551	}
		552
		553	makePostBodyRequest(path, server.accessToken, data, done)
		554	})
		555
		556	it('Should fail with an non authenticated user', function (done) {
		557	const data = {
		558	username: 'myusername',
		559	password: 'my super password'
		560	}
		561
		562	makePostBodyRequest(path, 'super token', data, done, 401)
		563	})
		564
		565	it('Should succeed with the correct params', function (done) {
		566	const data = {
		567	username: 'user1',
		568	password: 'my super password'
		569	}
		570
		571	makePostBodyRequest(path, server.accessToken, data, done, 204)
		572	})
		573
		574	it('Should fail with a non admin user', function (done) {
		575	server.user = {
		576	username: 'user1',
		577	password: 'my super password'
		578	}
		579
		580	utils.loginAndGetAccessToken(server, function (err, accessToken) {
		581	if (err) throw err
		582
		583	const data = {
		584	username: 'user2',
		585	password: 'my super password'
		586	}
		587
		588	makePostBodyRequest(path, accessToken, data, done, 403)
		589	})
		590	})
		591	})
		592
		593	describe('When updating a user', function () {
		594	let userId = null
		595
		596	before(function (done) {
		597	utils.getUsersList(server.url, function (err, res) {
		598	if (err) throw err
		599
		600	userId = res.body.data[1].id
		601	done()
		602	})
		603	})
		604
		605	it('Should fail with a too small password', function (done) {
		606	const data = {
		607	password: 'bla'
		608	}
		609
		610	makePutBodyRequest(path + '/' + userId, server.accessToken, data, done)
		611	})
		612
		613	it('Should fail with a too long password', function (done) {
		614	const data = {
		615	password: 'my super long password which is very very very very very very very very very very very very very very' +
		616	'very very very very very very very very very very very very very very very veryv very very very very' +
		617	'very very very very very very very very very very very very very very very very very very very very long'
		618	}
		619
		620	makePutBodyRequest(path + '/' + userId, server.accessToken, data, done)
		621	})
		622
		623	it('Should fail with an non authenticated user', function (done) {
		624	const data = {
		625	password: 'my super password'
		626	}
		627
		628	makePutBodyRequest(path + '/' + userId, 'super token', data, done, 401)
		629	})
		630
		631	it('Should succeed with the correct params', function (done) {
		632	const data = {
		633	password: 'my super password'
		634	}
		635
		636	makePutBodyRequest(path + '/' + userId, server.accessToken, data, done, 204)
		637	})
		638	})
		639
		640	describe('When removing an user', function () {
		641	it('Should fail with an incorrect username', function (done) {
		642	request(server.url)
		643	.delete(path + 'bla-bla')
		644	.set('Authorization', 'Bearer ' + server.accessToken)
		645	.expect(400, done)
		646	})
		647
		648	it('Should return 404 with a non existing username', function (done) {
		649	request(server.url)
		650	.delete(path + 'qzzerg')
		651	.set('Authorization', 'Bearer ' + server.accessToken)
		652	.expect(404, done)
		653	})
		654
		655	it('Should success with the correct parameters', function (done) {
		656	request(server.url)
		657	.delete(path + 'user1')
		658	.set('Authorization', 'Bearer ' + server.accessToken)
		659	.expect(204, done)
		660	})
		661	})
		662	})
		663
432	describe('Of the remote videos API', function () {	664	describe('Of the remote videos API', function () {
433	describe('When making a secure request', function () {	665	describe('When making a secure request', function () {
434	it('Should check a secure request')	666	it('Should check a secure request')


diff --git a/server/tests/api/users.js b/server/tests/api/users.js index 68ba9de33..c711d6b64 100644 --- a/server/tests/api/users.js +++ b/server/tests/api/users.js
@@ -13,7 +13,9 @@ const utils = require('./utils')
13	describe('Test users', function () {	13	describe('Test users', function () {
14	let server = null	14	let server = null
15	let accessToken = null	15	let accessToken = null
16	let videoId	16	let accessTokenUser = null
		17	let videoId = null
		18	let userId = null
17		19
18	before(function (done) {	20	before(function (done) {
19	this.timeout(20000)	21	this.timeout(20000)
@@ -158,6 +160,85 @@ describe('Test users', function () {
158		160
159	it('Should be able to upload a video again')	161	it('Should be able to upload a video again')
160		162
		163	it('Should be able to create a new user', function (done) {
		164	utils.createUser(server.url, accessToken, 'user_1', 'super password', done)
		165	})
		166
		167	it('Should be able to login with this user', function (done) {
		168	server.user = {
		169	username: 'user_1',
		170	password: 'super password'
		171	}
		172
		173	utils.loginAndGetAccessToken(server, function (err, token) {
		174	if (err) throw err
		175
		176	accessTokenUser = token
		177
		178	done()
		179	})
		180	})
		181
		182	it('Should be able to upload a video with this user', function (done) {
		183	this.timeout(5000)
		184
		185	const name = 'my super name'
		186	const description = 'my super description'
		187	const tags = [ 'tag1', 'tag2', 'tag3' ]
		188	const file = 'video_short.webm'
		189	utils.uploadVideo(server.url, accessTokenUser, name, description, tags, file, done)
		190	})
		191
		192	it('Should list all the users', function (done) {
		193	utils.getUsersList(server.url, function (err, res) {
		194	if (err) throw err
		195
		196	const users = res.body.data
		197
		198	expect(users).to.be.an('array')
		199	expect(users.length).to.equal(2)
		200
		201	const rootUser = users[0]
		202	expect(rootUser.username).to.equal('root')
		203
		204	const user = users[1]
		205	expect(user.username).to.equal('user_1')
		206	userId = user.id
		207
		208	done()
		209	})
		210	})
		211
		212	it('Should update the user password', function (done) {
		213	utils.updateUser(server.url, userId, accessTokenUser, 'new password', function (err, res) {
		214	if (err) throw err
		215
		216	server.user.password = 'new password'
		217	utils.login(server.url, server.client, server.user, 200, done)
		218	})
		219	})
		220
		221	it('Should be able to remove this user', function (done) {
		222	utils.removeUser(server.url, accessToken, 'user_1', done)
		223	})
		224
		225	it('Should not be able to login with this user', function (done) {
		226	// server.user is already set to user 1
		227	utils.login(server.url, server.client, server.user, 400, done)
		228	})
		229
		230	it('Should not have videos of this user', function (done) {
		231	utils.getVideosList(server.url, function (err, res) {
		232	if (err) throw err
		233
		234	expect(res.body.total).to.equal(1)
		235	const video = res.body.data[0]
		236	expect(video.author).to.equal('root')
		237
		238	done()
		239	})
		240	})
		241
161	after(function (done) {	242	after(function (done) {
162	process.kill(-server.app.pid)	243	process.kill(-server.app.pid)
163		244


diff --git a/server/tests/api/utils.js b/server/tests/api/utils.js index 3cc769f26..f34b81e4a 100644 --- a/server/tests/api/utils.js +++ b/server/tests/api/utils.js
@@ -8,11 +8,13 @@ const pathUtils = require('path')
8	const request = require('supertest')	8	const request = require('supertest')
9		9
10	const testUtils = {	10	const testUtils = {
		11	createUser: createUser,
11	dateIsValid: dateIsValid,	12	dateIsValid: dateIsValid,
12	flushTests: flushTests,	13	flushTests: flushTests,
13	getAllVideosListBy: getAllVideosListBy,	14	getAllVideosListBy: getAllVideosListBy,
14	getClient: getClient,	15	getClient: getClient,
15	getFriendsList: getFriendsList,	16	getFriendsList: getFriendsList,
		17	getUsersList: getUsersList,
16	getVideo: getVideo,	18	getVideo: getVideo,
17	getVideosList: getVideosList,	19	getVideosList: getVideosList,
18	getVideosListPagination: getVideosListPagination,	20	getVideosListPagination: getVideosListPagination,
@@ -21,6 +23,7 @@ const testUtils = {
21	loginAndGetAccessToken: loginAndGetAccessToken,	23	loginAndGetAccessToken: loginAndGetAccessToken,
22	makeFriends: makeFriends,	24	makeFriends: makeFriends,
23	quitFriends: quitFriends,	25	quitFriends: quitFriends,
		26	removeUser: removeUser,
24	removeVideo: removeVideo,	27	removeVideo: removeVideo,
25	flushAndRunMultipleServers: flushAndRunMultipleServers,	28	flushAndRunMultipleServers: flushAndRunMultipleServers,
26	runServer: runServer,	29	runServer: runServer,
@@ -28,11 +31,29 @@ const testUtils = {
28	searchVideoWithPagination: searchVideoWithPagination,	31	searchVideoWithPagination: searchVideoWithPagination,
29	searchVideoWithSort: searchVideoWithSort,	32	searchVideoWithSort: searchVideoWithSort,
30	testImage: testImage,	33	testImage: testImage,
31	uploadVideo: uploadVideo	34	uploadVideo: uploadVideo,
		35	updateUser: updateUser
32	}	36	}
33		37
34	// ---------------------- Export functions --------------------	38	// ---------------------- Export functions --------------------
35		39
		40	function createUser (url, accessToken, username, password, specialStatus, end) {
		41	if (!end) {
		42	end = specialStatus
		43	specialStatus = 204
		44	}
		45
		46	const path = '/api/v1/users'
		47
		48	request(url)
		49	.post(path)
		50	.set('Accept', 'application/json')
		51	.set('Authorization', 'Bearer ' + accessToken)
		52	.send({ username: username, password: password })
		53	.expect(specialStatus)
		54	.end(end)
		55	}
		56
36	function dateIsValid (dateString) {	57	function dateIsValid (dateString) {
37	const dateToCheck = new Date(dateString)	58	const dateToCheck = new Date(dateString)
38	const now = new Date()	59	const now = new Date()
@@ -72,6 +93,17 @@ function getClient (url, end) {
72	.end(end)	93	.end(end)
73	}	94	}
74		95
		96	function getUsersList (url, end) {
		97	const path = '/api/v1/users'
		98
		99	request(url)
		100	.get(path)
		101	.set('Accept', 'application/json')
		102	.expect(200)
		103	.expect('Content-Type', /json/)
		104	.end(end)
		105	}
		106
75	function getFriendsList (url, end) {	107	function getFriendsList (url, end) {
76	const path = '/api/v1/pods/'	108	const path = '/api/v1/pods/'
77		109
@@ -209,6 +241,22 @@ function quitFriends (url, accessToken, expectedStatus, callback) {
209	})	241	})
210	}	242	}
211		243
		244	function removeUser (url, token, username, expectedStatus, end) {
		245	if (!end) {
		246	end = expectedStatus
		247	expectedStatus = 204
		248	}
		249
		250	const path = '/api/v1/users'
		251
		252	request(url)
		253	.delete(path + '/' + username)
		254	.set('Accept', 'application/json')
		255	.set('Authorization', 'Bearer ' + token)
		256	.expect(expectedStatus)
		257	.end(end)
		258	}
		259
212	function removeVideo (url, token, id, expectedStatus, end) {	260	function removeVideo (url, token, id, expectedStatus, end) {
213	if (!end) {	261	if (!end) {
214	end = expectedStatus	262	end = expectedStatus
@@ -414,6 +462,18 @@ function uploadVideo (url, accessToken, name, description, tags, fixture, specia
414	.end(end)	462	.end(end)
415	}	463	}
416		464
		465	function updateUser (url, userId, accessToken, newPassword, end) {
		466	const path = '/api/v1/users/' + userId
		467
		468	request(url)
		469	.put(path)
		470	.set('Accept', 'application/json')
		471	.set('Authorization', 'Bearer ' + accessToken)
		472	.send({ password: newPassword })
		473	.expect(200)
		474	.end(end)
		475	}
		476
417	// ---------------------------------------------------------------------------	477	// ---------------------------------------------------------------------------
418		478
419	module.exports = testUtils	479	module.exports = testUtils