From 9a27cdc27c900feaae5f6db4315c4ccdfc0c4493 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Fri, 17 Nov 2017 15:20:42 +0100
Subject: Optimize signature verification
---
 server/tests/api/check-params/follows.ts | 222 ++++++++++++++++
 server/tests/api/check-params/index.ts | 4 +-
 server/tests/api/check-params/pods.ts | 287 ---------------------
 server/tests/api/check-params/remotes.ts | 54 ----
 .../tests/api/check-params/request-schedulers.ts | 65 -----
 server/tests/api/check-params/videos.ts | 4 +-
 6 files changed, 225 insertions(+), 411 deletions(-)
 create mode 100644 server/tests/api/check-params/follows.ts
 delete mode 100644 server/tests/api/check-params/pods.ts
 delete mode 100644 server/tests/api/check-params/remotes.ts
 delete mode 100644 server/tests/api/check-params/request-schedulers.ts
(limited to 'server/tests/api/check-params')
diff --git a/server/tests/api/check-params/follows.ts b/server/tests/api/check-params/follows.ts
new file mode 100644
index 000000000..d742200c1
--- /dev/null
+++ b/server/tests/api/check-params/follows.ts
@@ -0,0 +1,222 @@
+/* tslint:disable:no-unused-expression */
+
+import * as request from 'supertest'
+import 'mocha'
+
+import {
+ ServerInfo,
+ flushTests,
+ runServer,
+ createUser,
+ loginAndGetAccessToken,
+ setAccessTokensToServers,
+ killallServers,
+ makePostBodyRequest
+} from '../../utils'
+
+describe('Test server follows API validators', function () {
+ let server: ServerInfo
+
+ // ---------------------------------------------------------------
+
+ before(async function () {
+ this.timeout(45000)
+
+ await flushTests()
+ server = await runServer(1)
+
+ await setAccessTokensToServers([ server ])
+ })
+
+ describe('When managing following', function () {
+ let userAccessToken = null
+
+ before(async function () {
+ await createUser(server.url, server.accessToken, 'user1', 'password')
+ server.user = {
+ username: 'user1',
+ password: 'password'
+ }
+
+ userAccessToken = await loginAndGetAccessToken(server)
+ })
+
+ describe('When adding follows', function () {
+ const path = '/api/v1/server/following'
+ const body = {
+ hosts: [ 'localhost:9002' ]
+ }
+
+ it('Should fail without hosts', async function () {
+ await request(server.url)
+ .post(path)
+ .set('Authorization', 'Bearer ' + server.accessToken)
+ .set('Accept', 'application/json')
+ .expect(400)
+ })
+
+ it('Should fail if hosts is not an array', async function () {
+ await request(server.url)
+ .post(path)
+ .send({ hosts: 'localhost:9002' })
+ .set('Authorization', 'Bearer ' + server.accessToken)
+ .set('Accept', 'application/json')
+ .expect(400)
+ })
+
+ it('Should fail if the array is not composed by hosts', async function () {
+ await request(server.url)
+ .post(path)
+ .send({ hosts: [ 'localhost:9002', 'localhost:coucou' ] })
+ .set('Authorization', 'Bearer ' + server.accessToken)
+ .set('Accept', 'application/json')
+ .expect(400)
+ })
+
+ it('Should fail if the array is composed with http schemes', async function () {
+ await request(server.url)
+ .post(path)
+ .send({ hosts: [ 'localhost:9002', 'http://localhost:9003' ] })
+ .set('Authorization', 'Bearer ' + server.accessToken)
+ .set('Accept', 'application/json')
+ .expect(400)
+ })
+
+ it('Should fail if hosts are not unique', async function () {
+ await request(server.url)
+ .post(path)
+ .send({ urls: [ 'localhost:9002', 'localhost:9002' ] })
+ .set('Authorization', 'Bearer ' + server.accessToken)
+ .set('Accept', 'application/json')
+ .expect(400)
+ })
+
+ it('Should fail with an invalid token', async function () {
+ await request(server.url)
+ .post(path)
+ .send(body)
+ .set('Authorization', 'Bearer fake_token')
+ .set('Accept', 'application/json')
+ .expect(401)
+ })
+
+ it('Should fail if the user is not an administrator', async function () {
+ await request(server.url)
+ .post(path)
+ .send(body)
+ .set('Authorization', 'Bearer ' + userAccessToken)
+ .set('Accept', 'application/json')
+ .expect(403)
+ })
+ })
+
+ describe('When listing followings', function () {
+ const path = '/api/v1/server/following'
+
+ it('Should fail with a bad start pagination', async function () {
+ await request(server.url)
+ .get(path)
+ .query({ start: 'hello' })
+ .set('Accept', 'application/json')
+ .expect(400)
+ })
+
+ it('Should fail with a bad count pagination', async function () {
+ await request(server.url)
+ .get(path)
+ .query({ count: 'hello' })
+ .set('Accept', 'application/json')
+ .expect(400)
+ })
+
+ it('Should fail with an incorrect sort', async function () {
+ await request(server.url)
+ .get(path)
+ .query({ sort: 'hello' })
+ .set('Accept', 'application/json')
+ .expect(400)
+ })
+ })
+
+ describe('When listing followers', function () {
+ const path = '/api/v1/server/followers'
+
+ it('Should fail with a bad start pagination', async function () {
+ await request(server.url)
+ .get(path)
+ .query({ start: 'hello' })
+ .set('Accept', 'application/json')
+ .expect(400)
+ })
+
+ it('Should fail with a bad count pagination', async function () {
+ await request(server.url)
+ .get(path)
+ .query({ count: 'hello' })
+ .set('Accept', 'application/json')
+ .expect(400)
+ })
+
+ it('Should fail with an incorrect sort', async function () {
+ await request(server.url)
+ .get(path)
+ .query({ sort: 'hello' })
+ .set('Accept', 'application/json')
+ .expect(400)
+ })
+ })
+
+ describe('When removing following', function () {
+ // it('Should fail with an invalid token', async function () {
+ // await request(server.url)
+ // .delete(path + '/1')
+ // .set('Authorization', 'Bearer faketoken')
+ // .set('Accept', 'application/json')
+ // .expect(401)
+ // })
+ //
+ // it('Should fail if the user is not an administrator', async function () {
+ // await request(server.url)
+ // .delete(path + '/1')
+ // .set('Authorization', 'Bearer ' + userAccessToken)
+ // .set('Accept', 'application/json')
+ // .expect(403)
+ // })
+ //
+ // it('Should fail with an undefined id', async function () {
+ // await request(server.url)
+ // .delete(path + '/' + undefined)
+ // .set('Authorization', 'Bearer ' + server.accessToken)
+ // .set('Accept', 'application/json')
+ // .expect(400)
+ // })
+ //
+ // it('Should fail with an invalid id', async function () {
+ // await request(server.url)
+ // .delete(path + '/foobar')
+ // .set('Authorization', 'Bearer ' + server.accessToken)
+ // .set('Accept', 'application/json')
+ // .expect(400)
+ // })
+ //
+ // it('Should fail we do not follow this server', async function () {
+ // await request(server.url)
+ // .delete(path + '/-1')
+ // .set('Authorization', 'Bearer ' + server.accessToken)
+ // .set('Accept', 'application/json')
+ // .expect(404)
+ // })
+ //
+ // it('Should succeed with the correct parameters')
+ })
+ })
+
+ after(async function () {
+ killallServers([ server ])
+
+ // Keep the logs if the test failed
+ if (this['ok']) {
+ await flushTests()
+ }
+ })
+})
diff --git a/server/tests/api/check-params/index.ts b/server/tests/api/check-params/index.ts
index 954b206e9..287480808 100644
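Review bot: The 'Should fail if hosts are not unique' case posts `{ urls: [ 'localhost:9002', 'localhost:9002' ] }`, so the 400 it expects most likely comes from the missing `hosts` field and the duplicate-host rule the test is named after is never exercised; the body should be `.send({ hosts: [ 'localhost:9002', 'localhost:9002' ] })`. The whole 'When removing following' block is commented out and refers to a `path` that this describe does not define, which leaves the delete route without its 401 and 403 checks. If that route exists in this commit, restore the cases with a local `const path`; otherwise keep them as pending entries such as `it('Should fail with an invalid token')` so the missing authorization coverage shows up in the test report. `makePostBodyRequest` is imported but not used anywhere in this file.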
--- a/server/tests/api/check-params/index.ts
+++ b/server/tests/api/check-params/index.ts
@@ -1,8 +1,6 @@
 // Order of the tests we want to execute
-import './pods'
-import './remotes'
+import './follows'
 import './users'
-import './request-schedulers'
 import './services'
 import './videos'
 import './video-abuses'
diff --git a/server/tests/api/check-params/pods.ts b/server/tests/api/check-params/pods.ts
deleted file mode 100644
index 9f9c2e4f0..000000000
--- a/server/tests/api/check-params/pods.ts
+++ /dev/null
@@ -1,287 +0,0 @@
-/* tslint:disable:no-unused-expression */
-
-import * as request from 'supertest'
-import 'mocha'
-
-import {
- ServerInfo,
- flushTests,
- runServer,
- createUser,
- loginAndGetAccessToken,
- setAccessTokensToServers,
- killallServers,
- makePostBodyRequest
-} from '../../utils'
-
-describe('Test pods API validators', function () {
- let server: ServerInfo
-
- // ---------------------------------------------------------------
-
- before(async function () {
- this.timeout(45000)
-
- await flushTests()
- server = await runServer(1)
-
- await setAccessTokensToServers([ server ])
- })
-
- describe('When managing friends', function () {
- const path = '/api/v1/pods/'
- let userAccessToken = null
-
- before(async function () {
- await createUser(server.url, server.accessToken, 'user1', 'password')
- server.user = {
- username: 'user1',
- password: 'password'
- }
-
- userAccessToken = await loginAndGetAccessToken(server)
- })
-
- describe('When making friends', function () {
- const body = {
- hosts: [ 'localhost:9002' ]
- }
-
- it('Should fail without hosts', async function () {
- await request(server.url)
- .post(path + '/make-friends')
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
- })
-
- it('Should fail if hosts is not an array', async function () {
- await request(server.url)
- .post(path + '/make-friends')
- .send({ hosts: 'localhost:9002' })
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
- })
-
- it('Should fail if the array is not composed by hosts', async function () {
- await request(server.url)
- .post(path + '/make-friends')
- .send({ hosts: [ 'localhost:9002', 'localhost:coucou' ] })
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
- })
-
- it('Should fail if the array is composed with http schemes', async function () {
- await request(server.url)
- .post(path + '/make-friends')
- .send({ hosts: [ 'localhost:9002', 'http://localhost:9003' ] })
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
- })
-
- it('Should fail if hosts are not unique', async function () {
- await request(server.url)
- .post(path + '/make-friends')
- .send({ urls: [ 'localhost:9002', 'localhost:9002' ] })
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
- })
-
- it('Should fail with an invalid token', async function () {
- await request(server.url)
- .post(path + '/make-friends')
- .send(body)
- .set('Authorization', 'Bearer fake_token')
- .set('Accept', 'application/json')
- .expect(401)
- })
-
- it('Should fail if the user is not an administrator', async function () {
- await request(server.url)
- .post(path + '/make-friends')
- .send(body)
- .set('Authorization', 'Bearer ' + userAccessToken)
- .set('Accept', 'application/json')
- .expect(403)
- })
- })
-
- describe('When listing friends', function () {
- it('Should fail with a bad start pagination', async function () {
- await request(server.url)
- .get(path)
- .query({ start: 'hello' })
- .set('Accept', 'application/json')
- .expect(400)
- })
-
- it('Should fail with a bad count pagination', async function () {
- await request(server.url)
- .get(path)
- .query({ count: 'hello' })
- .set('Accept', 'application/json')
- .expect(400)
- })
-
- it('Should fail with an incorrect sort', async function () {
- await request(server.url)
- .get(path)
- .query({ sort: 'hello' })
- .set('Accept', 'application/json')
- .expect(400)
- })
- })
-
- describe('When quitting friends', function () {
- it('Should fail with an invalid token', async function () {
- await request(server.url)
- .get(path + '/quit-friends')
- .query({ start: 'hello' })
- .set('Authorization', 'Bearer faketoken')
- .set('Accept', 'application/json')
- .expect(401)
- })
-
- it('Should fail if the user is not an administrator', async function () {
- await request(server.url)
- .get(path + '/quit-friends')
- .query({ start: 'hello' })
- .set('Authorization', 'Bearer ' + userAccessToken)
- .set('Accept', 'application/json')
- .expect(403)
- })
- })
-
- describe('When removing one friend', function () {
- it('Should fail with an invalid token', async function () {
- await request(server.url)
- .delete(path + '/1')
- .set('Authorization', 'Bearer faketoken')
- .set('Accept', 'application/json')
- .expect(401)
- })
-
- it('Should fail if the user is not an administrator', async function () {
- await request(server.url)
- .delete(path + '/1')
- .set('Authorization', 'Bearer ' + userAccessToken)
- .set('Accept', 'application/json')
- .expect(403)
- })
-
- it('Should fail with an undefined id', async function () {
- await request(server.url)
- .delete(path + '/' + undefined)
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
- })
-
- it('Should fail with an invalid id', async function () {
- await request(server.url)
- .delete(path + '/foobar')
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
- })
-
- it('Should fail if the pod is not a friend', async function () {
- await request(server.url)
- .delete(path + '/-1')
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(404)
- })
-
- it('Should succeed with the correct parameters')
- })
- })
-
- describe('When adding a pod from remote', function () {
- const path = '/api/v1/remote/pods/add'
-
- it('Should fail with nothing', async function () {
- const fields = {}
- await makePostBodyRequest({ url: server.url, path, fields })
- })
-
- it('Should fail without public key', async function () {
- const fields = {
- email: 'test.example.com',
- host: 'coucou.com'
- }
- await makePostBodyRequest({ url: server.url, path, fields })
- })
-
- it('Should fail without an email', async function () {
- const fields = {
- host: 'coucou.com',
- publicKey: 'my super public key'
- }
- await makePostBodyRequest({ url: server.url, path, fields })
- })
-
- it('Should fail without an invalid email', async function () {
- const fields = {
- host: 'coucou.com',
- email: 'test.example.com',
- publicKey: 'my super public key'
- }
- await makePostBodyRequest({ url: server.url, path, fields })
- })
-
- it('Should fail without a host', async function () {
- const fields = {
- email: 'test.example.com',
- publicKey: 'my super public key'
- }
- await makePostBodyRequest({ url: server.url, path, fields })
- })
-
- it('Should fail with an incorrect host', async function () {
- const fields = {
- host: 'http://coucou.com',
- email: 'test.example.com',
- publicKey: 'my super public key'
- }
- await makePostBodyRequest({ url: server.url, path, fields })
-
- fields.host = 'http://coucou'
- await makePostBodyRequest({ url: server.url, path, fields })
-
- fields.host = 'coucou'
- await makePostBodyRequest({ url: server.url, path, fields })
- })
-
- it('Should succeed with the correct parameters', async function () {
- const fields = {
- host: 'coucou.com',
- email: 'test@example.com',
- publicKey: 'my super public key'
- }
- await makePostBodyRequest({ url: server.url, path, fields, statusCodeExpected: 200 })
- })
-
- it('Should fail with a host that already exists', async function () {
- const fields = {
- host: 'coucou.com',
- email: 'test@example.com',
- publicKey: 'my super public key'
- }
- await makePostBodyRequest({ url: server.url, path, fields, statusCodeExpected: 409 })
- })
- })
-
- after(async function () {
- killallServers([ server ])
-
- // Keep the logs if the test failed
- if (this['ok']) {
- await flushTests()
- }
- })
-})
diff --git a/server/tests/api/check-params/remotes.ts b/server/tests/api/check-params/remotes.ts
deleted file mode 100644
index 6d1747442..000000000
--- a/server/tests/api/check-params/remotes.ts
+++ /dev/null
@@ -1,54 +0,0 @@
-/* tslint:disable:no-unused-expression */
-
-import 'mocha'
-
-import {
- ServerInfo,
- flushTests,
- runServer,
- setAccessTokensToServers,
- killallServers
-} from '../../utils'
-
-describe('Test remote videos API validators', function () {
- let server: ServerInfo
-
- // ---------------------------------------------------------------
-
- before(async function () {
- this.timeout(60000)
-
- await flushTests()
-
- server = await runServer(1)
-
- await setAccessTokensToServers([ server ])
- })
-
- describe('When making a secure request', async function () {
- it('Should check a secure request')
- })
-
- describe('When adding a video', async function () {
- it('Should check when adding a video')
-
- it('Should not add an existing uuid')
- })
-
- describe('When removing a video', async function () {
- it('Should check when removing a video')
- })
-
- describe('When reporting abuse on a video', async function () {
- it('Should check when reporting a video abuse')
- })
-
- after(async function () {
- killallServers([ server ])
-
- // Keep the logs if the test failed
- if (this['ok']) {
- await flushTests()
- }
- })
-})
diff --git a/server/tests/api/check-params/request-schedulers.ts b/server/tests/api/check-params/request-schedulers.ts
deleted file mode 100644
index 01a54ffa1..000000000
--- a/server/tests/api/check-params/request-schedulers.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-/* tslint:disable:no-unused-expression */
-
-import * as request from 'supertest'
-import 'mocha'
-
-import {
- flushTests,
- runServer,
- createUser,
- setAccessTokensToServers,
- killallServers,
- getUserAccessToken
-} from '../../utils'
-
-describe('Test request schedulers stats API validators', function () {
- const path = '/api/v1/request-schedulers/stats'
- let server = null
- let userAccessToken = null
-
- // ---------------------------------------------------------------
-
- before(async function () {
- this.timeout(60000)
-
- await flushTests()
-
- server = await runServer(1)
- await setAccessTokensToServers([ server ])
-
- const username = 'user'
- const password = 'my super password'
- await createUser(server.url, server.accessToken, username, password)
-
- const user = {
- username: 'user',
- password: 'my super password'
- }
-
- userAccessToken = await getUserAccessToken(server, user)
- })
-
- it('Should fail with an non authenticated user', async function () {
- await request(server.url)
- .get(path)
- .set('Accept', 'application/json')
- .expect(401)
- })
-
- it('Should fail with a non admin user', async function () {
- await request(server.url)
- .get(path)
- .set('Authorization', 'Bearer ' + userAccessToken)
- .set('Accept', 'application/json')
- .expect(403)
- })
-
- after(async function () {
- killallServers([ server ])
-
- // Keep the logs if the test failed
- if (this['ok']) {
- await flushTests()
- }
- })
-})
diff --git a/server/tests/api/check-params/videos.ts b/server/tests/api/check-params/videos.ts
index 5860e9195..7f5609784 100644
--- a/server/tests/api/check-params/videos.ts
+++ b/server/tests/api/check-params/videos.ts
@@ -473,7 +473,7 @@ describe('Test videos API validator', function () {
 it('Should fail with a video of another user')
- it('Should fail with a video of another pod')
+ it('Should fail with a video of another server')
 it('Should succeed with the correct parameters', async function () {
 const fields = getCompleteVideoUpdateAttributes()
@@ -584,7 +584,7 @@ describe('Test videos API validator', function () {
 it('Should fail with a video of another user')
- it('Should fail with a video of another pod')
+ it('Should fail with a video of another server')
 it('Should succeed with the correct parameters')
 })
-- cgit v1.2.3