1
0
Fork 0

Improve check follow params tests

This commit is contained in:
Chocobozzz 2017-12-28 14:29:57 +01:00
parent c5d31dba56
commit eec63bbc0f
No known key found for this signature in database
GPG key ID: 583A612D890159BE
21 changed files with 232 additions and 150 deletions

View file

@ -17,7 +17,11 @@ function authenticate (req: express.Request, res: express.Response, next: expres
return res.sendStatus(500)
}
if (res.statusCode === 401 || res.statusCode === 400 || res.statusCode === 503) return res.end()
if (res.statusCode === 401 || res.statusCode === 400 || res.statusCode === 503) {
return res.json({
error: 'Authentication failed.'
}).end()
}
return next()
})

View file

@ -8,8 +8,14 @@ function ensureUserHasRight (userRight: UserRight) {
return function (req: express.Request, res: express.Response, next: express.NextFunction) {
const user = res.locals.oauth.token.user as UserModel
if (user.hasRight(userRight) === false) {
logger.info('User %s does not have right %s to access to %s.', user.username, UserRight[userRight], req.path)
return res.sendStatus(403)
const message = `User ${user.username} does not have right ${UserRight[userRight]} to access to ${req.path}.`
logger.info(message)
return res.status(403)
.json({
error: message
})
.end()
}
return next()

View file

@ -41,7 +41,11 @@ const removeFollowingValidator = [
const follow = await ActorFollowModel.loadByActorAndTargetHost(serverActor.id, req.params.host)
if (!follow) {
return res.status(404)
return res
.status(404)
.json({
error: `Follower ${req.params.host} not found.`
})
.end()
}

View file

@ -4,14 +4,10 @@ import 'mocha'
import * as request from 'supertest'
import {
createUser,
flushTests,
killallServers,
loginAndGetAccessToken,
runServer,
ServerInfo,
setAccessTokensToServers
createUser, flushTests, killallServers, makeDeleteRequest, makePostBodyRequest, runServer, ServerInfo, setAccessTokensToServers,
userLogin
} from '../../utils'
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
describe('Test server follows API validators', function () {
let server: ServerInfo
@ -19,7 +15,7 @@ describe('Test server follows API validators', function () {
// ---------------------------------------------------------------
before(async function () {
this.timeout(45000)
this.timeout(20000)
await flushTests()
server = await runServer(1)
@ -31,81 +27,85 @@ describe('Test server follows API validators', function () {
let userAccessToken = null
before(async function () {
await createUser(server.url, server.accessToken, 'user1', 'password')
server.user = {
const user = {
username: 'user1',
password: 'password'
}
userAccessToken = await loginAndGetAccessToken(server)
await createUser(server.url, server.accessToken, user.username, user.password)
userAccessToken = await userLogin(server, user)
})
describe('When adding follows', function () {
const path = '/api/v1/server/following'
const body = {
hosts: [ 'localhost:9002' ]
}
it('Should fail without hosts', async function () {
await request(server.url)
.post(path)
.set('Authorization', 'Bearer ' + server.accessToken)
.set('Accept', 'application/json')
.expect(400)
await makePostBodyRequest({
url: server.url,
path,
token: server.accessToken,
statusCodeExpected: 400
})
})
it('Should fail if hosts is not an array', async function () {
await request(server.url)
.post(path)
.send({ hosts: 'localhost:9002' })
.set('Authorization', 'Bearer ' + server.accessToken)
.set('Accept', 'application/json')
.expect(400)
await makePostBodyRequest({
url: server.url,
path,
token: server.accessToken,
fields: { hosts: 'localhost:9002' },
statusCodeExpected: 400
})
})
it('Should fail if the array is not composed by hosts', async function () {
await request(server.url)
.post(path)
.send({ hosts: [ 'localhost:9002', 'localhost:coucou' ] })
.set('Authorization', 'Bearer ' + server.accessToken)
.set('Accept', 'application/json')
.expect(400)
await makePostBodyRequest({
url: server.url,
path,
fields: { hosts: [ 'localhost:9002', 'localhost:coucou' ] },
token: server.accessToken,
statusCodeExpected: 400
})
})
it('Should fail if the array is composed with http schemes', async function () {
await request(server.url)
.post(path)
.send({ hosts: [ 'localhost:9002', 'http://localhost:9003' ] })
.set('Authorization', 'Bearer ' + server.accessToken)
.set('Accept', 'application/json')
.expect(400)
await makePostBodyRequest({
url: server.url,
path,
fields: { hosts: [ 'localhost:9002', 'http://localhost:9003' ] },
token: server.accessToken,
statusCodeExpected: 400
})
})
it('Should fail if hosts are not unique', async function () {
await request(server.url)
.post(path)
.send({ urls: [ 'localhost:9002', 'localhost:9002' ] })
.set('Authorization', 'Bearer ' + server.accessToken)
.set('Accept', 'application/json')
.expect(400)
await makePostBodyRequest({
url: server.url,
path,
fields: { urls: [ 'localhost:9002', 'localhost:9002' ] },
token: server.accessToken,
statusCodeExpected: 400
})
})
it('Should fail with an invalid token', async function () {
await request(server.url)
.post(path)
.send(body)
.set('Authorization', 'Bearer fake_token')
.set('Accept', 'application/json')
.expect(401)
await makePostBodyRequest({
url: server.url,
path,
fields: { hosts: [ 'localhost:9002' ] },
token: 'fake_token',
statusCodeExpected: 401
})
})
it('Should fail if the user is not an administrator', async function () {
await request(server.url)
.post(path)
.send(body)
.set('Authorization', 'Bearer ' + userAccessToken)
.set('Accept', 'application/json')
.expect(403)
await makePostBodyRequest({
url: server.url,
path,
fields: { hosts: [ 'localhost:9002' ] },
token: userAccessToken,
statusCodeExpected: 403
})
})
})
@ -113,27 +113,15 @@ describe('Test server follows API validators', function () {
const path = '/api/v1/server/following'
it('Should fail with a bad start pagination', async function () {
await request(server.url)
.get(path)
.query({ start: 'hello' })
.set('Accept', 'application/json')
.expect(400)
await checkBadStartPagination(server.url, path)
})
it('Should fail with a bad count pagination', async function () {
await request(server.url)
.get(path)
.query({ count: 'hello' })
.set('Accept', 'application/json')
.expect(400)
await checkBadCountPagination(server.url, path)
})
it('Should fail with an incorrect sort', async function () {
await request(server.url)
.get(path)
.query({ sort: 'hello' })
.set('Accept', 'application/json')
.expect(400)
await checkBadSortPagination(server.url, path)
})
})
@ -141,27 +129,15 @@ describe('Test server follows API validators', function () {
const path = '/api/v1/server/followers'
it('Should fail with a bad start pagination', async function () {
await request(server.url)
.get(path)
.query({ start: 'hello' })
.set('Accept', 'application/json')
.expect(400)
await checkBadStartPagination(server.url, path)
})
it('Should fail with a bad count pagination', async function () {
await request(server.url)
.get(path)
.query({ count: 'hello' })
.set('Accept', 'application/json')
.expect(400)
await checkBadCountPagination(server.url, path)
})
it('Should fail with an incorrect sort', async function () {
await request(server.url)
.get(path)
.query({ sort: 'hello' })
.set('Accept', 'application/json')
.expect(400)
await checkBadSortPagination(server.url, path)
})
})
@ -169,30 +145,40 @@ describe('Test server follows API validators', function () {
const path = '/api/v1/server/following'
it('Should fail with an invalid token', async function () {
await request(server.url)
.delete(path + '/1')
.set('Authorization', 'Bearer faketoken')
.set('Accept', 'application/json')
.expect(401)
await makeDeleteRequest({
url: server.url,
path: path + '/localhost:9002',
token: 'fake_token',
statusCodeExpected: 401
})
})
it('Should fail if the user is not an administrator', async function () {
await request(server.url)
.delete(path + '/1')
.set('Authorization', 'Bearer ' + userAccessToken)
.set('Accept', 'application/json')
.expect(403)
await makeDeleteRequest({
url: server.url,
path: path + '/localhost:9002',
token: userAccessToken,
statusCodeExpected: 403
})
})
it('Should fail we do not follow this server', async function () {
await request(server.url)
.delete(path + '/example.com')
.set('Authorization', 'Bearer ' + server.accessToken)
.set('Accept', 'application/json')
.expect(404)
it('Should fail if we do not follow this server', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/example.com',
token: server.accessToken,
statusCodeExpected: 404
})
})
it('Should succeed with the correct parameters')
it('Should succeed with the correct parameters', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/localhost:9002',
token: server.accessToken,
statusCodeExpected: 404
})
})
})
})

View file

@ -3,7 +3,7 @@
import 'mocha'
import * as request from 'supertest'
import { createUser, flushTests, getUserAccessToken, killallServers, runServer, ServerInfo, setAccessTokensToServers } from '../../utils'
import { createUser, flushTests, userLogin, killallServers, runServer, ServerInfo, setAccessTokensToServers } from '../../utils'
describe('Test jobs API validators', function () {
const path = '/api/v1/jobs/'
@ -26,7 +26,7 @@ describe('Test jobs API validators', function () {
password: 'my super password'
}
await createUser(server.url, server.accessToken, user.username, user.password)
userAccessToken = await getUserAccessToken(server, user)
userAccessToken = await userLogin(server, user)
})
describe('When listing jobs', function () {

View file

@ -11,13 +11,13 @@ import {
getVideosList,
makePutBodyRequest,
createUser,
loginAndGetAccessToken,
serverLogin,
getUsersList,
registerUser,
setAccessTokensToServers,
killallServers,
makePostBodyRequest,
getUserAccessToken
userLogin
} from '../../utils'
import { UserRole } from '../../../../shared'
@ -58,7 +58,7 @@ describe('Test users API validators', function () {
username: 'user1',
password: 'my super password'
}
userAccessToken = await getUserAccessToken(server, user)
userAccessToken = await userLogin(server, user)
})
describe('When listing users', function () {
@ -304,7 +304,7 @@ describe('Test users API validators', function () {
password: 'my super password'
}
userAccessToken = await loginAndGetAccessToken(server)
userAccessToken = await serverLogin(server)
const fields = {
username: 'user3',
email: 'test@example.com',
@ -675,7 +675,7 @@ describe('Test users API validators', function () {
email: 'test3@example.com',
password: 'my super password'
}
userAccessToken = await loginAndGetAccessToken(server)
userAccessToken = await serverLogin(server)
const videoAttributes = { fixture: 'video_short2.webm' }
await uploadVideo(server.url, userAccessToken, videoAttributes)

View file

@ -13,7 +13,7 @@ import {
setAccessTokensToServers,
killallServers,
makePostBodyRequest,
getUserAccessToken
userLogin
} from '../../utils'
describe('Test video abuses API validators', function () {
@ -35,7 +35,7 @@ describe('Test video abuses API validators', function () {
const password = 'my super password'
await createUser(server.url, server.accessToken, username, password)
userAccessToken = await getUserAccessToken(server, { username, password })
userAccessToken = await userLogin(server, { username, password })
// Upload a video
const videoAttributes = {}

View file

@ -13,7 +13,7 @@ import {
setAccessTokensToServers,
killallServers,
makePostBodyRequest,
getUserAccessToken
userLogin
} from '../../utils'
describe('Test video blacklist API validators', function () {
@ -34,7 +34,7 @@ describe('Test video blacklist API validators', function () {
const username = 'user1'
const password = 'my super password'
await createUser(server.url, server.accessToken, username, password)
userAccessToken = await getUserAccessToken(server, { username, password })
userAccessToken = await userLogin(server, { username, password })
// Upload a video
const videoAttributes = {}

View file

@ -15,7 +15,7 @@ import {
makePostBodyRequest,
getVideoChannelsList,
createUser,
getUserAccessToken
userLogin
} from '../../utils'
describe('Test videos API validator', function () {
@ -40,7 +40,7 @@ describe('Test videos API validator', function () {
}
await createUser(server.url, server.accessToken, user.username, user.password)
accessTokenUser = await getUserAccessToken(server, user)
accessTokenUser = await userLogin(server, user)
})
describe('When listing a video channels', function () {

View file

@ -17,7 +17,7 @@ import {
makePostUploadRequest,
getMyUserInformation,
createUser,
getUserAccessToken
userLogin
} from '../../utils'
import { VideoPrivacy } from '../../../../shared/models/videos/video-privacy.enum'
@ -260,7 +260,7 @@ describe('Test videos API validator', function () {
}
await createUser(server.url, server.accessToken, user.username, user.password)
const accessTokenUser = await getUserAccessToken(server, user)
const accessTokenUser = await userLogin(server, user)
const res = await getMyUserInformation(server.url, accessTokenUser)
const customChannelId = res.body.videoChannels[0].id

View file

@ -10,7 +10,7 @@ import {
} from '../../utils/index'
import { dateIsValid, webtorrentAdd } from '../../utils/miscs/miscs'
import { follow, getFollowersListPaginationAndSort, getFollowingListPaginationAndSort, unfollow } from '../../utils/server/follows'
import { getUserAccessToken } from '../../utils/users/login'
import { userLogin } from '../../utils/users/login'
import { createUser } from '../../utils/users/users'
import {
addVideoCommentReply, addVideoCommentThread, getVideoCommentThreads,
@ -183,7 +183,7 @@ describe('Test follows', function () {
{
const user = { username: 'captain', password: 'password' }
await createUser(servers[2].url, servers[2].accessToken, user.username, user.password)
const userAccessToken = await getUserAccessToken(servers[2], user)
const userAccessToken = await userLogin(servers[2], user)
const resVideos = await getVideosList(servers[ 2 ].url)
const video4 = resVideos.body.data.find(v => v.name === 'server3-4')

View file

@ -15,7 +15,7 @@ import {
getVideosList,
killallServers,
login,
loginAndGetAccessToken,
serverLogin,
makePutBodyRequest,
rateVideo,
registerUser,
@ -193,7 +193,7 @@ describe('Test users', function () {
password: 'super password'
}
accessTokenUser = await loginAndGetAccessToken(server)
accessTokenUser = await serverLogin(server)
})
it('Should be able to get the user information', async function () {
@ -511,7 +511,7 @@ describe('Test users', function () {
password: 'my super password'
}
accessToken = await loginAndGetAccessToken(server)
accessToken = await serverLogin(server)
})
it('Should have the correct video quota', async function () {

View file

@ -7,7 +7,7 @@ import * as request from 'supertest'
import { VideoComment, VideoCommentThreadTree } from '../../../../shared/models/videos/video-comment.model'
import {
addVideoChannel, dateIsValid, doubleFollow, flushAndRunMultipleServers, flushTests, getUserAccessToken, getVideo,
addVideoChannel, dateIsValid, doubleFollow, flushAndRunMultipleServers, flushTests, userLogin, getVideo,
getVideoChannelsList, getVideosList, killallServers, rateVideo, removeVideo, ServerInfo, setAccessTokensToServers, testVideoImage,
updateVideo, uploadVideo, wait, webtorrentAdd
} from '../../utils/index'
@ -152,7 +152,7 @@ describe('Test multiple servers', function () {
password: 'super_password'
}
await createUser(servers[1].url, servers[1].accessToken, user.username, user.password)
const userAccessToken = await getUserAccessToken(servers[1], user)
const userAccessToken = await userLogin(servers[1], user)
const videoAttributes = {
name: 'my super name for server 2',

View file

@ -14,7 +14,7 @@ import {
wait
} from '../../utils/index'
import { doubleFollow } from '../../utils/server/follows'
import { getUserAccessToken } from '../../utils/users/login'
import { userLogin } from '../../utils/users/login'
import { createUser } from '../../utils/users/users'
import { getMyVideos, getVideo, getVideoWithToken, updateVideo } from '../../utils/videos/videos'
@ -78,7 +78,7 @@ describe('Test video privacy', function () {
}
await createUser(servers[0].url, servers[0].accessToken, user.username, user.password)
const token = await getUserAccessToken(servers[0], user)
const token = await userLogin(servers[0], user)
await getVideoWithToken(servers[0].url, token, privateVideoUUID, 403)
})

View file

@ -9,7 +9,7 @@ import {
ServerInfo,
flushTests,
runServer,
loginAndGetAccessToken,
serverLogin,
uploadVideo,
getVideosList
} from './utils'
@ -23,7 +23,7 @@ describe('Test a client controllers', function () {
await flushTests()
server = await runServer(1)
server.accessToken = await loginAndGetAccessToken(server)
server.accessToken = await serverLogin(server)
const videoAttributes = {
name: 'my super name for server 1',

View file

@ -2,7 +2,7 @@ import * as program from 'commander'
import {
getClient,
loginAndGetAccessToken
serverLogin
} from '../../utils'
program
@ -36,7 +36,7 @@ getClient(program.url)
server.client.id = res.body.client_id
server.client.secret = res.body.client_secret
return loginAndGetAccessToken(server)
return serverLogin(server)
})
.then(accessToken => {
console.log(accessToken)

View file

@ -0,0 +1,36 @@
import { makeGetRequest } from './requests'
function checkBadStartPagination (url: string, path: string) {
return makeGetRequest({
url,
path,
query: { start: 'hello' },
statusCodeExpected: 400
})
}
function checkBadCountPagination (url: string, path: string) {
return makeGetRequest({
url,
path,
query: { count: 'hello' },
statusCodeExpected: 400
})
}
function checkBadSortPagination (url: string, path: string) {
return makeGetRequest({
url,
path,
query: { sort: 'hello' },
statusCodeExpected: 400
})
}
// ---------------------------------------------------------------------------
export {
checkBadStartPagination,
checkBadCountPagination,
checkBadSortPagination
}

View file

@ -1,11 +1,43 @@
import * as request from 'supertest'
function makeGetRequest (url: string, path: string) {
return request(url)
.get(path)
function makeGetRequest (options: {
url: string,
path: string,
query?: any,
token?: string,
statusCodeExpected?: number
}) {
if (!options.statusCodeExpected) options.statusCodeExpected = 400
const req = request(options.url)
.get(options.path)
.set('Accept', 'application/json')
.expect(200)
if (options.token) req.set('Authorization', 'Bearer ' + options.token)
if (options.query) req.query(options.query)
return req
.expect('Content-Type', /json/)
.expect(options.statusCodeExpected)
}
function makeDeleteRequest (options: {
url: string,
path: string,
token?: string,
statusCodeExpected?: number
}) {
if (!options.statusCodeExpected) options.statusCodeExpected = 400
const req = request(options.url)
.delete(options.path)
.set('Accept', 'application/json')
if (options.token) req.set('Authorization', 'Bearer ' + options.token)
return req
.expect('Content-Type', /json/)
.expect(options.statusCodeExpected)
}
function makePostUploadRequest (options: {
@ -48,9 +80,10 @@ function makePostBodyRequest (options: {
url: string,
path: string,
token?: string,
fields: { [ fieldName: string ]: any },
fields?: { [ fieldName: string ]: any },
statusCodeExpected?: number
}) {
if (!options.fields) options.fields = {}
if (!options.statusCodeExpected) options.statusCodeExpected = 400
const req = request(options.url)
@ -88,5 +121,6 @@ export {
makeGetRequest,
makePostUploadRequest,
makePostBodyRequest,
makePutBodyRequest
makePutBodyRequest,
makeDeleteRequest
}

View file

@ -114,7 +114,7 @@ function runServer (serverNumber: number, configOverride?: Object) {
}
return new Promise<ServerInfo>(res => {
server.app = fork(join(__dirname, '..', '..', '..', 'dist', 'server.js'), [], options)
server.app = fork(join(__dirname, '..', '..', '..', '..', 'dist', 'server.js'), [], options)
server.app.stdout.on('data', function onStdout (data) {
let dontContinue = false

View file

@ -26,13 +26,13 @@ function login (url: string, client: Client, user: User, expectedStatus = 200) {
.expect(expectedStatus)
}
async function loginAndGetAccessToken (server: Server) {
async function serverLogin (server: Server) {
const res = await login(server.url, server.client, server.user, 200)
return res.body.access_token as string
}
async function getUserAccessToken (server: Server, user: User) {
async function userLogin (server: Server, user: User) {
const res = await login(server.url, server.client, user, 200)
return res.body.access_token as string
@ -42,7 +42,7 @@ function setAccessTokensToServers (servers: ServerInfo[]) {
const tasks: Promise<any>[] = []
for (const server of servers) {
const p = loginAndGetAccessToken(server).then(t => server.accessToken = t)
const p = serverLogin(server).then(t => server.accessToken = t)
tasks.push(p)
}
@ -53,7 +53,7 @@ function setAccessTokensToServers (servers: ServerInfo[]) {
export {
login,
loginAndGetAccessToken,
getUserAccessToken,
serverLogin,
userLogin,
setAccessTokensToServers
}

View file

@ -21,25 +21,37 @@ type VideoAttributes = {
function getVideoCategories (url: string) {
const path = '/api/v1/videos/categories'
return makeGetRequest(url, path)
return makeGetRequest({
url,
path
})
}
function getVideoLicences (url: string) {
const path = '/api/v1/videos/licences'
return makeGetRequest(url, path)
return makeGetRequest({
url,
path
})
}
function getVideoLanguages (url: string) {
const path = '/api/v1/videos/languages'
return makeGetRequest(url, path)
return makeGetRequest({
url,
path
})
}
function getVideoPrivacies (url: string) {
const path = '/api/v1/videos/privacies'
return makeGetRequest(url, path)
return makeGetRequest({
url,
path
})
}
function getVideo (url: string, id: number | string, expectedStatus = 200) {