From 9bd2662976a75d3b03364cdbe6419e57c80f99a6 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 4 Aug 2016 22:32:36 +0200 Subject: Implement user API (create, update, remove, list) --- server/tests/api/checkParams.js | 268 +++++++++++++++++++++++++++++++++++++--- server/tests/api/users.js | 83 ++++++++++++- server/tests/api/utils.js | 62 +++++++++- 3 files changed, 393 insertions(+), 20 deletions(-) (limited to 'server/tests') diff --git a/server/tests/api/checkParams.js b/server/tests/api/checkParams.js index c1ba9c2c0..bd7227e9c 100644 --- a/server/tests/api/checkParams.js +++ b/server/tests/api/checkParams.js @@ -11,9 +11,8 @@ const utils = require('./utils') describe('Test parameters validator', function () { let server = null - function makePostRequest (path, token, fields, attaches, done, fail) { - let statusCode = 400 - if (fail !== undefined && fail === false) statusCode = 204 + function makePostRequest (path, token, fields, attaches, done, statusCodeExpected) { + if (!statusCodeExpected) statusCodeExpected = 400 const req = request(server.url) .post(path) @@ -38,18 +37,31 @@ describe('Test parameters validator', function () { req.attach(attach, value) }) - req.expect(statusCode, done) + req.expect(statusCodeExpected, done) } - function makePostBodyRequest (path, fields, done, fail) { - let statusCode = 400 - if (fail !== undefined && fail === false) statusCode = 200 + function makePostBodyRequest (path, token, fields, done, statusCodeExpected) { + if (!statusCodeExpected) statusCodeExpected = 400 - request(server.url) + const req = request(server.url) .post(path) .set('Accept', 'application/json') - .send(fields) - .expect(statusCode, done) + + if (token) req.set('Authorization', 'Bearer ' + token) + + req.send(fields).expect(statusCodeExpected, done) + } + + function makePutBodyRequest (path, token, fields, done, statusCodeExpected) { + if (!statusCodeExpected) statusCodeExpected = 400 + + const req = request(server.url) + .put(path) + .set('Accept', 'application/json') + + if (token) req.set('Authorization', 'Bearer ' + token) + + req.send(fields).expect(statusCodeExpected, done) } // --------------------------------------------------------------- @@ -85,21 +97,21 @@ describe('Test parameters validator', function () { describe('When adding a pod', function () { it('Should fail with nothing', function (done) { const data = {} - makePostBodyRequest(path, data, done) + makePostBodyRequest(path, null, data, done) }) it('Should fail without public key', function (done) { const data = { url: 'http://coucou.com' } - makePostBodyRequest(path, data, done) + makePostBodyRequest(path, null, data, done) }) it('Should fail without an url', function (done) { const data = { publicKey: 'mysuperpublickey' } - makePostBodyRequest(path, data, done) + makePostBodyRequest(path, null, data, done) }) it('Should fail with an incorrect url', function (done) { @@ -107,11 +119,11 @@ describe('Test parameters validator', function () { url: 'coucou.com', publicKey: 'mysuperpublickey' } - makePostBodyRequest(path, data, function () { + makePostBodyRequest(path, null, data, function () { data.url = 'http://coucou' - makePostBodyRequest(path, data, function () { + makePostBodyRequest(path, null, data, function () { data.url = 'coucou' - makePostBodyRequest(path, data, done) + makePostBodyRequest(path, null, data, done) }) }) }) @@ -121,7 +133,68 @@ describe('Test parameters validator', function () { url: 'http://coucou.com', publicKey: 'mysuperpublickey' } - makePostBodyRequest(path, data, done, false) + makePostBodyRequest(path, null, data, done, 200) + }) + }) + + describe('For the friends API', function () { + let userAccessToken = null + + before(function (done) { + utils.createUser(server.url, server.accessToken, 'user1', 'password', function () { + server.user = { + username: 'user1', + password: 'password' + } + + utils.loginAndGetAccessToken(server, function (err, accessToken) { + if (err) throw err + + userAccessToken = accessToken + + done() + }) + }) + }) + + describe('When making friends', function () { + it('Should fail with a invalid token', function (done) { + request(server.url) + .get(path + '/makefriends') + .query({ start: 'hello' }) + .set('Authorization', 'Bearer faketoken') + .set('Accept', 'application/json') + .expect(401, done) + }) + + it('Should fail if the user is not an administrator', function (done) { + request(server.url) + .get(path + '/makefriends') + .query({ start: 'hello' }) + .set('Authorization', 'Bearer ' + userAccessToken) + .set('Accept', 'application/json') + .expect(403, done) + }) + }) + + describe('When quitting friends', function () { + it('Should fail with a invalid token', function (done) { + request(server.url) + .get(path + '/quitfriends') + .query({ start: 'hello' }) + .set('Authorization', 'Bearer faketoken') + .set('Accept', 'application/json') + .expect(401, done) + }) + + it('Should fail if the user is not an administrator', function (done) { + request(server.url) + .get(path + '/quitfriends') + .query({ start: 'hello' }) + .set('Authorization', 'Bearer ' + userAccessToken) + .set('Accept', 'application/json') + .expect(403, done) + }) }) }) }) @@ -361,7 +434,7 @@ describe('Test parameters validator', function () { attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.mp4') makePostRequest(path, server.accessToken, data, attach, function () { attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.ogv') - makePostRequest(path, server.accessToken, data, attach, done, false) + makePostRequest(path, server.accessToken, data, attach, done, 204) }, false) }, false) }) @@ -429,6 +502,165 @@ describe('Test parameters validator', function () { }) }) + describe('Of the users API', function () { + const path = '/api/v1/users/' + + describe('When adding a new user', function () { + it('Should fail with a too small username', function (done) { + const data = { + username: 'ji', + password: 'mysuperpassword' + } + + makePostBodyRequest(path, server.accessToken, data, done) + }) + + it('Should fail with a too long username', function (done) { + const data = { + username: 'mysuperusernamewhichisverylong', + password: 'mysuperpassword' + } + + makePostBodyRequest(path, server.accessToken, data, done) + }) + + it('Should fail with an incorrect username', function (done) { + const data = { + username: 'my username', + password: 'mysuperpassword' + } + + makePostBodyRequest(path, server.accessToken, data, done) + }) + + it('Should fail with a too small password', function (done) { + const data = { + username: 'myusername', + password: 'bla' + } + + makePostBodyRequest(path, server.accessToken, data, done) + }) + + it('Should fail with a too long password', function (done) { + const data = { + username: 'myusername', + password: 'my super long password which is very very very very very very very very very very very very very very' + + 'very very very very very very very very very very very very very very very veryv very very very very' + + 'very very very very very very very very very very very very very very very very very very very very long' + } + + makePostBodyRequest(path, server.accessToken, data, done) + }) + + it('Should fail with an non authenticated user', function (done) { + const data = { + username: 'myusername', + password: 'my super password' + } + + makePostBodyRequest(path, 'super token', data, done, 401) + }) + + it('Should succeed with the correct params', function (done) { + const data = { + username: 'user1', + password: 'my super password' + } + + makePostBodyRequest(path, server.accessToken, data, done, 204) + }) + + it('Should fail with a non admin user', function (done) { + server.user = { + username: 'user1', + password: 'my super password' + } + + utils.loginAndGetAccessToken(server, function (err, accessToken) { + if (err) throw err + + const data = { + username: 'user2', + password: 'my super password' + } + + makePostBodyRequest(path, accessToken, data, done, 403) + }) + }) + }) + + describe('When updating a user', function () { + let userId = null + + before(function (done) { + utils.getUsersList(server.url, function (err, res) { + if (err) throw err + + userId = res.body.data[1].id + done() + }) + }) + + it('Should fail with a too small password', function (done) { + const data = { + password: 'bla' + } + + makePutBodyRequest(path + '/' + userId, server.accessToken, data, done) + }) + + it('Should fail with a too long password', function (done) { + const data = { + password: 'my super long password which is very very very very very very very very very very very very very very' + + 'very very very very very very very very very very very very very very very veryv very very very very' + + 'very very very very very very very very very very very very very very very very very very very very long' + } + + makePutBodyRequest(path + '/' + userId, server.accessToken, data, done) + }) + + it('Should fail with an non authenticated user', function (done) { + const data = { + password: 'my super password' + } + + makePutBodyRequest(path + '/' + userId, 'super token', data, done, 401) + }) + + it('Should succeed with the correct params', function (done) { + const data = { + password: 'my super password' + } + + makePutBodyRequest(path + '/' + userId, server.accessToken, data, done, 204) + }) + }) + + describe('When removing an user', function () { + it('Should fail with an incorrect username', function (done) { + request(server.url) + .delete(path + 'bla-bla') + .set('Authorization', 'Bearer ' + server.accessToken) + .expect(400, done) + }) + + it('Should return 404 with a non existing username', function (done) { + request(server.url) + .delete(path + 'qzzerg') + .set('Authorization', 'Bearer ' + server.accessToken) + .expect(404, done) + }) + + it('Should success with the correct parameters', function (done) { + request(server.url) + .delete(path + 'user1') + .set('Authorization', 'Bearer ' + server.accessToken) + .expect(204, done) + }) + }) + }) + describe('Of the remote videos API', function () { describe('When making a secure request', function () { it('Should check a secure request') diff --git a/server/tests/api/users.js b/server/tests/api/users.js index 68ba9de33..c711d6b64 100644 --- a/server/tests/api/users.js +++ b/server/tests/api/users.js @@ -13,7 +13,9 @@ const utils = require('./utils') describe('Test users', function () { let server = null let accessToken = null - let videoId + let accessTokenUser = null + let videoId = null + let userId = null before(function (done) { this.timeout(20000) @@ -158,6 +160,85 @@ describe('Test users', function () { it('Should be able to upload a video again') + it('Should be able to create a new user', function (done) { + utils.createUser(server.url, accessToken, 'user_1', 'super password', done) + }) + + it('Should be able to login with this user', function (done) { + server.user = { + username: 'user_1', + password: 'super password' + } + + utils.loginAndGetAccessToken(server, function (err, token) { + if (err) throw err + + accessTokenUser = token + + done() + }) + }) + + it('Should be able to upload a video with this user', function (done) { + this.timeout(5000) + + const name = 'my super name' + const description = 'my super description' + const tags = [ 'tag1', 'tag2', 'tag3' ] + const file = 'video_short.webm' + utils.uploadVideo(server.url, accessTokenUser, name, description, tags, file, done) + }) + + it('Should list all the users', function (done) { + utils.getUsersList(server.url, function (err, res) { + if (err) throw err + + const users = res.body.data + + expect(users).to.be.an('array') + expect(users.length).to.equal(2) + + const rootUser = users[0] + expect(rootUser.username).to.equal('root') + + const user = users[1] + expect(user.username).to.equal('user_1') + userId = user.id + + done() + }) + }) + + it('Should update the user password', function (done) { + utils.updateUser(server.url, userId, accessTokenUser, 'new password', function (err, res) { + if (err) throw err + + server.user.password = 'new password' + utils.login(server.url, server.client, server.user, 200, done) + }) + }) + + it('Should be able to remove this user', function (done) { + utils.removeUser(server.url, accessToken, 'user_1', done) + }) + + it('Should not be able to login with this user', function (done) { + // server.user is already set to user 1 + utils.login(server.url, server.client, server.user, 400, done) + }) + + it('Should not have videos of this user', function (done) { + utils.getVideosList(server.url, function (err, res) { + if (err) throw err + + expect(res.body.total).to.equal(1) + const video = res.body.data[0] + expect(video.author).to.equal('root') + + done() + }) + }) + after(function (done) { process.kill(-server.app.pid) diff --git a/server/tests/api/utils.js b/server/tests/api/utils.js index 3cc769f26..f34b81e4a 100644 --- a/server/tests/api/utils.js +++ b/server/tests/api/utils.js @@ -8,11 +8,13 @@ const pathUtils = require('path') const request = require('supertest') const testUtils = { + createUser: createUser, dateIsValid: dateIsValid, flushTests: flushTests, getAllVideosListBy: getAllVideosListBy, getClient: getClient, getFriendsList: getFriendsList, + getUsersList: getUsersList, getVideo: getVideo, getVideosList: getVideosList, getVideosListPagination: getVideosListPagination, @@ -21,6 +23,7 @@ const testUtils = { loginAndGetAccessToken: loginAndGetAccessToken, makeFriends: makeFriends, quitFriends: quitFriends, + removeUser: removeUser, removeVideo: removeVideo, flushAndRunMultipleServers: flushAndRunMultipleServers, runServer: runServer, @@ -28,11 +31,29 @@ const testUtils = { searchVideoWithPagination: searchVideoWithPagination, searchVideoWithSort: searchVideoWithSort, testImage: testImage, - uploadVideo: uploadVideo + uploadVideo: uploadVideo, + updateUser: updateUser } // ---------------------- Export functions -------------------- +function createUser (url, accessToken, username, password, specialStatus, end) { + if (!end) { + end = specialStatus + specialStatus = 204 + } + + const path = '/api/v1/users' + + request(url) + .post(path) + .set('Accept', 'application/json') + .set('Authorization', 'Bearer ' + accessToken) + .send({ username: username, password: password }) + .expect(specialStatus) + .end(end) +} + function dateIsValid (dateString) { const dateToCheck = new Date(dateString) const now = new Date() @@ -72,6 +93,17 @@ function getClient (url, end) { .end(end) } +function getUsersList (url, end) { + const path = '/api/v1/users' + + request(url) + .get(path) + .set('Accept', 'application/json') + .expect(200) + .expect('Content-Type', /json/) + .end(end) +} + function getFriendsList (url, end) { const path = '/api/v1/pods/' @@ -209,6 +241,22 @@ function quitFriends (url, accessToken, expectedStatus, callback) { }) } +function removeUser (url, token, username, expectedStatus, end) { + if (!end) { + end = expectedStatus + expectedStatus = 204 + } + + const path = '/api/v1/users' + + request(url) + .delete(path + '/' + username) + .set('Accept', 'application/json') + .set('Authorization', 'Bearer ' + token) + .expect(expectedStatus) + .end(end) +} + function removeVideo (url, token, id, expectedStatus, end) { if (!end) { end = expectedStatus @@ -414,6 +462,18 @@ function uploadVideo (url, accessToken, name, description, tags, fixture, specia .end(end) } +function updateUser (url, userId, accessToken, newPassword, end) { + const path = '/api/v1/users/' + userId + + request(url) + .put(path) + .set('Accept', 'application/json') + .set('Authorization', 'Bearer ' + accessToken) + .send({ password: newPassword }) + .expect(200) + .end(end) +} + // --------------------------------------------------------------------------- module.exports = testUtils -- cgit v1.2.3