Add tests to user roles

This commit is contained in:
Chocobozzz 2017-10-27 17:27:06 +02:00
parent 954605a804
commit 757f0da370
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
6 changed files with 92 additions and 22 deletions

View File

@ -123,7 +123,7 @@ export class AuthUser extends User {
this.tokens.refreshToken = refreshToken this.tokens.refreshToken = refreshToken
} }
hasRight(right: UserRight) { hasRight (right: UserRight) {
return hasUserRight(this.role, right) return hasUserRight(this.role, right)
} }

View File

@ -32,6 +32,6 @@ export const USER_VIDEO_QUOTA = {
export const USER_ROLE = { export const USER_ROLE = {
VALIDATORS: [ Validators.required ], VALIDATORS: [ Validators.required ],
MESSAGES: { MESSAGES: {
'required': 'User role is required.', 'required': 'User role is required.'
} }
} }

View File

@ -1,5 +1,4 @@
import * as Sequelize from 'sequelize' import * as Sequelize from 'sequelize'
import * as uuidv4 from 'uuid/v4'
async function up (utils: { async function up (utils: {
transaction: Sequelize.Transaction, transaction: Sequelize.Transaction,

View File

@ -19,6 +19,7 @@ import {
makePostBodyRequest, makePostBodyRequest,
getUserAccessToken getUserAccessToken
} from '../../utils' } from '../../utils'
import { UserRole } from '../../../../shared'
describe('Test users API validators', function () { describe('Test users API validators', function () {
const path = '/api/v1/users/' const path = '/api/v1/users/'
@ -92,6 +93,7 @@ describe('Test users API validators', function () {
username: 'ji', username: 'ji',
email: 'test@example.com', email: 'test@example.com',
password: 'my_super_password', password: 'my_super_password',
role: UserRole.USER,
videoQuota: 42000000 videoQuota: 42000000
} }
@ -103,7 +105,8 @@ describe('Test users API validators', function () {
username: 'my_super_username_which_is_very_long', username: 'my_super_username_which_is_very_long',
email: 'test@example.com', email: 'test@example.com',
password: 'my_super_password', password: 'my_super_password',
videoQuota: 42000000 videoQuota: 42000000,
role: UserRole.USER
} }
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@ -114,7 +117,8 @@ describe('Test users API validators', function () {
username: 'my username', username: 'my username',
email: 'test@example.com', email: 'test@example.com',
password: 'my_super_password', password: 'my_super_password',
videoQuota: 42000000 videoQuota: 42000000,
role: UserRole.USER
} }
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@ -124,7 +128,8 @@ describe('Test users API validators', function () {
const fields = { const fields = {
username: 'ji', username: 'ji',
password: 'my_super_password', password: 'my_super_password',
videoQuota: 42000000 videoQuota: 42000000,
role: UserRole.USER
} }
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@ -135,7 +140,8 @@ describe('Test users API validators', function () {
username: 'my_super_username_which_is_very_long', username: 'my_super_username_which_is_very_long',
email: 'test_example.com', email: 'test_example.com',
password: 'my_super_password', password: 'my_super_password',
videoQuota: 42000000 videoQuota: 42000000,
role: UserRole.USER
} }
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@ -146,7 +152,8 @@ describe('Test users API validators', function () {
username: 'my_username', username: 'my_username',
email: 'test@example.com', email: 'test@example.com',
password: 'bla', password: 'bla',
videoQuota: 42000000 videoQuota: 42000000,
role: UserRole.USER
} }
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@ -159,7 +166,8 @@ describe('Test users API validators', function () {
password: 'my super long password which is very very very very very very very very very very very very very very' + password: 'my super long password which is very very very very very very very very very very very very very very' +
'very very very very very very very very very very very very very very very veryv very very very very' + 'very very very very very very very very very very very very very very very veryv very very very very' +
'very very very very very very very very very very very very very very very very very very very very long', 'very very very very very very very very very very very very very very very very very very very very long',
videoQuota: 42000000 videoQuota: 42000000,
role: UserRole.USER
} }
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@ -170,7 +178,8 @@ describe('Test users API validators', function () {
username: 'my_username', username: 'my_username',
email: 'test@example.com', email: 'test@example.com',
password: 'my super password', password: 'my super password',
videoQuota: 42000000 videoQuota: 42000000,
role: UserRole.USER
} }
await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 }) await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 })
@ -181,7 +190,8 @@ describe('Test users API validators', function () {
username: 'user1', username: 'user1',
email: 'test@example.com', email: 'test@example.com',
password: 'my super password', password: 'my super password',
videoQuota: 42000000 videoQuota: 42000000,
role: UserRole.USER
} }
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
@ -192,7 +202,8 @@ describe('Test users API validators', function () {
username: 'my_username', username: 'my_username',
email: 'user1@example.com', email: 'user1@example.com',
password: 'my super password', password: 'my super password',
videoQuota: 42000000 videoQuota: 42000000,
role: UserRole.USER
} }
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
@ -202,7 +213,8 @@ describe('Test users API validators', function () {
const fields = { const fields = {
username: 'my_username', username: 'my_username',
email: 'user1@example.com', email: 'user1@example.com',
password: 'my super password' password: 'my super password',
role: UserRole.USER
} }
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@ -213,7 +225,31 @@ describe('Test users API validators', function () {
username: 'my_username', username: 'my_username',
email: 'user1@example.com', email: 'user1@example.com',
password: 'my super password', password: 'my super password',
videoQuota: -5 videoQuota: -5,
role: UserRole.USER
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
})
it('Should fail without a user role', async function () {
const fields = {
username: 'my_username',
email: 'user1@example.com',
password: 'my super password',
videoQuota: 0
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
})
it('Should fail with an invalid user role', async function () {
const fields = {
username: 'my_username',
email: 'user1@example.com',
password: 'my super password',
videoQuota: 0,
role: 88989
} }
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@ -224,7 +260,8 @@ describe('Test users API validators', function () {
username: 'user2', username: 'user2',
email: 'test@example.com', email: 'test@example.com',
password: 'my super password', password: 'my super password',
videoQuota: -1 videoQuota: -1,
role: UserRole.USER
} }
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
@ -327,6 +364,14 @@ describe('Test users API validators', function () {
await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
}) })
it('Should fail with an invalid user role attribute', async function () {
const fields = {
role: 54878
}
await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
})
it('Should fail with an non authenticated user', async function () { it('Should fail with an non authenticated user', async function () {
const fields = { const fields = {
videoQuota: 42 videoQuota: 42
@ -338,7 +383,8 @@ describe('Test users API validators', function () {
it('Should succeed with the correct params', async function () { it('Should succeed with the correct params', async function () {
const fields = { const fields = {
email: 'email@example.com', email: 'email@example.com',
videoQuota: 42 videoQuota: 42,
role: UserRole.MODERATOR
} }
await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 }) await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })

View File

@ -25,10 +25,12 @@ import {
updateUser, updateUser,
updateMyUser, updateMyUser,
registerUser, registerUser,
removeUser removeUser,
killallServers,
getUserInformation,
getBlacklistedVideosList
} from '../utils' } from '../utils'
import { killallServers } from '../utils/servers' import { UserRole } from '../../../shared'
import { getUserInformation } from '../utils/users'
describe('Test users', function () { describe('Test users', function () {
let server: ServerInfo let server: ServerInfo
@ -188,6 +190,7 @@ describe('Test users', function () {
expect(user.email).to.equal('user_1@example.com') expect(user.email).to.equal('user_1@example.com')
expect(user.displayNSFW).to.be.false expect(user.displayNSFW).to.be.false
expect(user.videoQuota).to.equal(2 * 1024 * 1024) expect(user.videoQuota).to.equal(2 * 1024 * 1024)
expect(user.roleLabel).to.equal('User')
expect(user.id).to.be.a('number') expect(user.id).to.be.a('number')
}) })
@ -234,6 +237,7 @@ describe('Test users', function () {
const user = users[0] const user = users[0]
expect(user.username).to.equal('root') expect(user.username).to.equal('root')
expect(user.email).to.equal('admin1@example.com') expect(user.email).to.equal('admin1@example.com')
expect(user.roleLabel).to.equal('Administrator')
expect(user.displayNSFW).to.be.false expect(user.displayNSFW).to.be.false
}) })
@ -319,7 +323,7 @@ describe('Test users', function () {
}) })
it('Should be able to update another user', async function () { it('Should be able to update another user', async function () {
await updateUser(server.url, userId, accessToken, 'updated2@example.com', 42) await updateUser(server.url, userId, accessToken, 'updated2@example.com', 42, UserRole.MODERATOR)
const res = await getUserInformation(server.url, accessToken, userId) const res = await getUserInformation(server.url, accessToken, userId)
const user = res.body const user = res.body
@ -328,9 +332,18 @@ describe('Test users', function () {
expect(user.email).to.equal('updated2@example.com') expect(user.email).to.equal('updated2@example.com')
expect(user.displayNSFW).to.be.ok expect(user.displayNSFW).to.be.ok
expect(user.videoQuota).to.equal(42) expect(user.videoQuota).to.equal(42)
expect(user.roleLabel).to.equal('Moderator')
expect(user.id).to.be.a('number') expect(user.id).to.be.a('number')
}) })
it('Should not be able to delete a user by a moderator', async function () {
await removeUser(server.url, 2, accessTokenUser, 403)
})
it('Should be able to list video blacklist by a moderator', async function () {
await getBlacklistedVideosList(server.url, accessTokenUser)
})
it('Should be able to remove this user', async function () { it('Should be able to remove this user', async function () {
await removeUser(server.url, userId, accessToken) await removeUser(server.url, userId, accessToken)
}) })

View File

@ -1,10 +1,21 @@
import * as request from 'supertest' import * as request from 'supertest'
function createUser (url: string, accessToken: string, username: string, password: string, videoQuota = 1000000, specialStatus = 204) { import { UserRole } from '../../../shared'
function createUser (
url: string,
accessToken: string,
username: string,
password: string,
videoQuota = 1000000,
role: UserRole = UserRole.USER,
specialStatus = 204
) {
const path = '/api/v1/users' const path = '/api/v1/users'
const body = { const body = {
username, username,
password, password,
role,
email: username + '@example.com', email: username + '@example.com',
videoQuota videoQuota
} }
@ -114,12 +125,13 @@ function updateMyUser (url: string, accessToken: string, newPassword: string, di
.expect(204) .expect(204)
} }
function updateUser (url: string, userId: number, accessToken: string, email: string, videoQuota: number) { function updateUser (url: string, userId: number, accessToken: string, email: string, videoQuota: number, role: UserRole) {
const path = '/api/v1/users/' + userId const path = '/api/v1/users/' + userId
const toSend = {} const toSend = {}
if (email !== undefined && email !== null) toSend['email'] = email if (email !== undefined && email !== null) toSend['email'] = email
if (videoQuota !== undefined && videoQuota !== null) toSend['videoQuota'] = videoQuota if (videoQuota !== undefined && videoQuota !== null) toSend['videoQuota'] = videoQuota
if (role !== undefined && role !== null) toSend['role'] = role
return request(url) return request(url)
.put(path) .put(path)