Implement user API (create, update, remove, list)

2025-10-06 03:50:26 +02:00 · 2016-08-04 22:32:36 +02:00 · 2016-08-04 22:32:36 +02:00 · 9bd2662976
commit 9bd2662976
parent e4c556196d
16 changed files with 688 additions and 47 deletions
--- a/server/tests/api/checkParams.js
+++ b/server/tests/api/checkParams.js
@ -11,9 +11,8 @@ const utils = require('./utils')
 describe('Test parameters validator', function () {
  let server = null

-  function makePostRequest (path, token, fields, attaches, done, fail) {
-    let statusCode = 400
-    if (fail !== undefined && fail === false) statusCode = 204
+  function makePostRequest (path, token, fields, attaches, done, statusCodeExpected) {
+    if (!statusCodeExpected) statusCodeExpected = 400

    const req = request(server.url)
      .post(path)
@ -38,18 +37,31 @@ describe('Test parameters validator', function () {
      req.attach(attach, value)
    })

-    req.expect(statusCode, done)
+    req.expect(statusCodeExpected, done)
  }

-  function makePostBodyRequest (path, fields, done, fail) {
-    let statusCode = 400
-    if (fail !== undefined && fail === false) statusCode = 200
+  function makePostBodyRequest (path, token, fields, done, statusCodeExpected) {
+    if (!statusCodeExpected) statusCodeExpected = 400

-    request(server.url)
+    const req = request(server.url)
      .post(path)
      .set('Accept', 'application/json')
-      .send(fields)
-      .expect(statusCode, done)
+
+    if (token) req.set('Authorization', 'Bearer ' + token)
+
+    req.send(fields).expect(statusCodeExpected, done)
+  }
+
+  function makePutBodyRequest (path, token, fields, done, statusCodeExpected) {
+    if (!statusCodeExpected) statusCodeExpected = 400
+
+    const req = request(server.url)
+      .put(path)
+      .set('Accept', 'application/json')
+
+    if (token) req.set('Authorization', 'Bearer ' + token)
+
+    req.send(fields).expect(statusCodeExpected, done)
  }

  // ---------------------------------------------------------------
@ -85,21 +97,21 @@ describe('Test parameters validator', function () {
    describe('When adding a pod', function () {
      it('Should fail with nothing', function (done) {
        const data = {}
-        makePostBodyRequest(path, data, done)
+        makePostBodyRequest(path, null, data, done)
      })

      it('Should fail without public key', function (done) {
        const data = {
          url: 'http://coucou.com'
        }
-        makePostBodyRequest(path, data, done)
+        makePostBodyRequest(path, null, data, done)
      })

      it('Should fail without an url', function (done) {
        const data = {
          publicKey: 'mysuperpublickey'
        }
-        makePostBodyRequest(path, data, done)
+        makePostBodyRequest(path, null, data, done)
      })

      it('Should fail with an incorrect url', function (done) {
@ -107,11 +119,11 @@ describe('Test parameters validator', function () {
          url: 'coucou.com',
          publicKey: 'mysuperpublickey'
        }
-        makePostBodyRequest(path, data, function () {
+        makePostBodyRequest(path, null, data, function () {
          data.url = 'http://coucou'
-          makePostBodyRequest(path, data, function () {
+          makePostBodyRequest(path, null, data, function () {
            data.url = 'coucou'
-            makePostBodyRequest(path, data, done)
+            makePostBodyRequest(path, null, data, done)
          })
        })
      })
@ -121,7 +133,68 @@ describe('Test parameters validator', function () {
          url: 'http://coucou.com',
          publicKey: 'mysuperpublickey'
        }
-        makePostBodyRequest(path, data, done, false)
+        makePostBodyRequest(path, null, data, done, 200)
+      })
+    })
+
+    describe('For the friends API', function () {
+      let userAccessToken = null
+
+      before(function (done) {
+        utils.createUser(server.url, server.accessToken, 'user1', 'password', function () {
+          server.user = {
+            username: 'user1',
+            password: 'password'
+          }
+
+          utils.loginAndGetAccessToken(server, function (err, accessToken) {
+            if (err) throw err
+
+            userAccessToken = accessToken
+
+            done()
+          })
+        })
+      })
+
+      describe('When making friends', function () {
+        it('Should fail with a invalid token', function (done) {
+          request(server.url)
+            .get(path + '/makefriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer faketoken')
+            .set('Accept', 'application/json')
+            .expect(401, done)
+        })
+
+        it('Should fail if the user is not an administrator', function (done) {
+          request(server.url)
+            .get(path + '/makefriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer ' + userAccessToken)
+            .set('Accept', 'application/json')
+            .expect(403, done)
+        })
+      })
+
+      describe('When quitting friends', function () {
+        it('Should fail with a invalid token', function (done) {
+          request(server.url)
+            .get(path + '/quitfriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer faketoken')
+            .set('Accept', 'application/json')
+            .expect(401, done)
+        })
+
+        it('Should fail if the user is not an administrator', function (done) {
+          request(server.url)
+            .get(path + '/quitfriends')
+            .query({ start: 'hello' })
+            .set('Authorization', 'Bearer ' + userAccessToken)
+            .set('Accept', 'application/json')
+            .expect(403, done)
+        })
      })
    })
  })
@ -361,7 +434,7 @@ describe('Test parameters validator', function () {
          attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.mp4')
          makePostRequest(path, server.accessToken, data, attach, function () {
            attach.videofile = pathUtils.join(__dirname, 'fixtures', 'video_short.ogv')
-            makePostRequest(path, server.accessToken, data, attach, done, false)
+            makePostRequest(path, server.accessToken, data, attach, done, 204)
          }, false)
        }, false)
      })
@ -429,6 +502,165 @@ describe('Test parameters validator', function () {
    })
  })

+  describe('Of the users API', function () {
+    const path = '/api/v1/users/'
+
+    describe('When adding a new user', function () {
+      it('Should fail with a too small username', function (done) {
+        const data = {
+          username: 'ji',
+          password: 'mysuperpassword'
+        }
+
+        makePostBodyRequest(path, server.accessToken, data, done)
+      })
+
+      it('Should fail with a too long username', function (done) {
+        const data = {
+          username: 'mysuperusernamewhichisverylong',
+          password: 'mysuperpassword'
+        }
+
+        makePostBodyRequest(path, server.accessToken, data, done)
+      })
+
+      it('Should fail with an incorrect username', function (done) {
+        const data = {
+          username: 'my username',
+          password: 'mysuperpassword'
+        }
+
+        makePostBodyRequest(path, server.accessToken, data, done)
+      })
+
+      it('Should fail with a too small password', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'bla'
+        }
+
+        makePostBodyRequest(path, server.accessToken, data, done)
+      })
+
+      it('Should fail with a too long password', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'my super long password which is very very very very very very very very very very very very very very' +
+                    'very very very very very very very very very very very very very very very veryv very very very very' +
+                    'very very very very very very very very very very very very very very very very very very very very long'
+        }
+
+        makePostBodyRequest(path, server.accessToken, data, done)
+      })
+
+      it('Should fail with an non authenticated user', function (done) {
+        const data = {
+          username: 'myusername',
+          password: 'my super password'
+        }
+
+        makePostBodyRequest(path, 'super token', data, done, 401)
+      })
+
+      it('Should succeed with the correct params', function (done) {
+        const data = {
+          username: 'user1',
+          password: 'my super password'
+        }
+
+        makePostBodyRequest(path, server.accessToken, data, done, 204)
+      })
+
+      it('Should fail with a non admin user', function (done) {
+        server.user = {
+          username: 'user1',
+          password: 'my super password'
+        }
+
+        utils.loginAndGetAccessToken(server, function (err, accessToken) {
+          if (err) throw err
+
+          const data = {
+            username: 'user2',
+            password: 'my super password'
+          }
+
+          makePostBodyRequest(path, accessToken, data, done, 403)
+        })
+      })
+    })
+
+    describe('When updating a user', function () {
+      let userId = null
+
+      before(function (done) {
+        utils.getUsersList(server.url, function (err, res) {
+          if (err) throw err
+
+          userId = res.body.data[1].id
+          done()
+        })
+      })
+
+      it('Should fail with a too small password', function (done) {
+        const data = {
+          password: 'bla'
+        }
+
+        makePutBodyRequest(path + '/' + userId, server.accessToken, data, done)
+      })
+
+      it('Should fail with a too long password', function (done) {
+        const data = {
+          password: 'my super long password which is very very very very very very very very very very very very very very' +
+                    'very very very very very very very very very very very very very very very veryv very very very very' +
+                    'very very very very very very very very very very very very very very very very very very very very long'
+        }
+
+        makePutBodyRequest(path + '/' + userId, server.accessToken, data, done)
+      })
+
+      it('Should fail with an non authenticated user', function (done) {
+        const data = {
+          password: 'my super password'
+        }
+
+        makePutBodyRequest(path + '/' + userId, 'super token', data, done, 401)
+      })
+
+      it('Should succeed with the correct params', function (done) {
+        const data = {
+          password: 'my super password'
+        }
+
+        makePutBodyRequest(path + '/' + userId, server.accessToken, data, done, 204)
+      })
+    })
+
+    describe('When removing an user', function () {
+      it('Should fail with an incorrect username', function (done) {
+        request(server.url)
+          .delete(path + 'bla-bla')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(400, done)
+      })
+
+      it('Should return 404 with a non existing username', function (done) {
+        request(server.url)
+          .delete(path + 'qzzerg')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(404, done)
+      })
+
+      it('Should success with the correct parameters', function (done) {
+        request(server.url)
+          .delete(path + 'user1')
+          .set('Authorization', 'Bearer ' + server.accessToken)
+          .expect(204, done)
+      })
+    })
+  })
+
  describe('Of the remote videos API', function () {
    describe('When making a secure request', function () {
      it('Should check a secure request')
--- a/server/tests/api/users.js
+++ b/server/tests/api/users.js
@ -13,7 +13,9 @@ const utils = require('./utils')
 describe('Test users', function () {
  let server = null
  let accessToken = null
-  let videoId
+  let accessTokenUser = null
+  let videoId = null
+  let userId = null

  before(function (done) {
    this.timeout(20000)
@ -158,6 +160,85 @@ describe('Test users', function () {

  it('Should be able to upload a video again')

+  it('Should be able to create a new user', function (done) {
+    utils.createUser(server.url, accessToken, 'user_1', 'super password', done)
+  })
+
+  it('Should be able to login with this user', function (done) {
+    server.user = {
+      username: 'user_1',
+      password: 'super password'
+    }
+
+    utils.loginAndGetAccessToken(server, function (err, token) {
+      if (err) throw err
+
+      accessTokenUser = token
+
+      done()
+    })
+  })
+
+  it('Should be able to upload a video with this user', function (done) {
+    this.timeout(5000)
+
+    const name = 'my super name'
+    const description = 'my super description'
+    const tags = [ 'tag1', 'tag2', 'tag3' ]
+    const file = 'video_short.webm'
+    utils.uploadVideo(server.url, accessTokenUser, name, description, tags, file, done)
+  })
+
+  it('Should list all the users', function (done) {
+    utils.getUsersList(server.url, function (err, res) {
+      if (err) throw err
+
+      const users = res.body.data
+
+      expect(users).to.be.an('array')
+      expect(users.length).to.equal(2)
+
+      const rootUser = users[0]
+      expect(rootUser.username).to.equal('root')
+
+      const user = users[1]
+      expect(user.username).to.equal('user_1')
+      userId = user.id
+
+      done()
+    })
+  })
+
+  it('Should update the user password', function (done) {
+    utils.updateUser(server.url, userId, accessTokenUser, 'new password', function (err, res) {
+      if (err) throw err
+
+      server.user.password = 'new password'
+      utils.login(server.url, server.client, server.user, 200, done)
+    })
+  })
+
+  it('Should be able to remove this user', function (done) {
+    utils.removeUser(server.url, accessToken, 'user_1', done)
+  })
+
+  it('Should not be able to login with this user', function (done) {
+    // server.user is already set to user 1
+    utils.login(server.url, server.client, server.user, 400, done)
+  })
+
+  it('Should not have videos of this user', function (done) {
+    utils.getVideosList(server.url, function (err, res) {
+      if (err) throw err
+
+      expect(res.body.total).to.equal(1)
+      const video = res.body.data[0]
+      expect(video.author).to.equal('root')
+
+      done()
+    })
+  })
+
  after(function (done) {
    process.kill(-server.app.pid)

--- a/server/tests/api/utils.js
+++ b/server/tests/api/utils.js
@ -8,11 +8,13 @@ const pathUtils = require('path')
 const request = require('supertest')

 const testUtils = {
+  createUser: createUser,
  dateIsValid: dateIsValid,
  flushTests: flushTests,
  getAllVideosListBy: getAllVideosListBy,
  getClient: getClient,
  getFriendsList: getFriendsList,
+  getUsersList: getUsersList,
  getVideo: getVideo,
  getVideosList: getVideosList,
  getVideosListPagination: getVideosListPagination,
@ -21,6 +23,7 @@ const testUtils = {
  loginAndGetAccessToken: loginAndGetAccessToken,
  makeFriends: makeFriends,
  quitFriends: quitFriends,
+  removeUser: removeUser,
  removeVideo: removeVideo,
  flushAndRunMultipleServers: flushAndRunMultipleServers,
  runServer: runServer,
@ -28,11 +31,29 @@ const testUtils = {
  searchVideoWithPagination: searchVideoWithPagination,
  searchVideoWithSort: searchVideoWithSort,
  testImage: testImage,
-  uploadVideo: uploadVideo
+  uploadVideo: uploadVideo,
+  updateUser: updateUser
 }

 // ---------------------- Export functions --------------------

+function createUser (url, accessToken, username, password, specialStatus, end) {
+  if (!end) {
+    end = specialStatus
+    specialStatus = 204
+  }
+
+  const path = '/api/v1/users'
+
+  request(url)
+    .post(path)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .send({ username: username, password: password })
+    .expect(specialStatus)
+    .end(end)
+}
+
 function dateIsValid (dateString) {
  const dateToCheck = new Date(dateString)
  const now = new Date()
@ -72,6 +93,17 @@ function getClient (url, end) {
    .end(end)
 }

+function getUsersList (url, end) {
+  const path = '/api/v1/users'
+
+  request(url)
+    .get(path)
+    .set('Accept', 'application/json')
+    .expect(200)
+    .expect('Content-Type', /json/)
+    .end(end)
+}
+
 function getFriendsList (url, end) {
  const path = '/api/v1/pods/'

@ -209,6 +241,22 @@ function quitFriends (url, accessToken, expectedStatus, callback) {
    })
 }

+function removeUser (url, token, username, expectedStatus, end) {
+  if (!end) {
+    end = expectedStatus
+    expectedStatus = 204
+  }
+
+  const path = '/api/v1/users'
+
+  request(url)
+    .delete(path + '/' + username)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + token)
+    .expect(expectedStatus)
+    .end(end)
+}
+
 function removeVideo (url, token, id, expectedStatus, end) {
  if (!end) {
    end = expectedStatus
@ -414,6 +462,18 @@ function uploadVideo (url, accessToken, name, description, tags, fixture, specia
     .end(end)
 }

+function updateUser (url, userId, accessToken, newPassword, end) {
+  const path = '/api/v1/users/' + userId
+
+  request(url)
+    .put(path)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .send({ password: newPassword })
+    .expect(200)
+    .end(end)
+}
+
 // ---------------------------------------------------------------------------

 module.exports = testUtils