return res.sendStatus(500)
}
- if (res.statusCode === 401 || res.statusCode === 400 || res.statusCode === 503) return res.end()
+ if (res.statusCode === 401 || res.statusCode === 400 || res.statusCode === 503) {
+ return res.json({
+ error: 'Authentication failed.'
+ }).end()
+ }
return next()
})
return function (req: express.Request, res: express.Response, next: express.NextFunction) {
const user = res.locals.oauth.token.user as UserModel
if (user.hasRight(userRight) === false) {
- logger.info('User %s does not have right %s to access to %s.', user.username, UserRight[userRight], req.path)
- return res.sendStatus(403)
+ const message = `User ${user.username} does not have right ${UserRight[userRight]} to access to ${req.path}.`
+ logger.info(message)
+
+ return res.status(403)
+ .json({
+ error: message
+ })
+ .end()
}
return next()
const follow = await ActorFollowModel.loadByActorAndTargetHost(serverActor.id, req.params.host)
if (!follow) {
- return res.status(404)
+ return res
+ .status(404)
+ .json({
+ error: `Follower ${req.params.host} not found.`
+ })
.end()
}
import * as request from 'supertest'
import {
- createUser,
- flushTests,
- killallServers,
- loginAndGetAccessToken,
- runServer,
- ServerInfo,
- setAccessTokensToServers
+ createUser, flushTests, killallServers, makeDeleteRequest, makePostBodyRequest, runServer, ServerInfo, setAccessTokensToServers,
+ userLogin
} from '../../utils'
+import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
describe('Test server follows API validators', function () {
let server: ServerInfo
// ---------------------------------------------------------------
before(async function () {
- this.timeout(45000)
+ this.timeout(20000)
await flushTests()
server = await runServer(1)
let userAccessToken = null
before(async function () {
- await createUser(server.url, server.accessToken, 'user1', 'password')
- server.user = {
+ const user = {
username: 'user1',
password: 'password'
}
- userAccessToken = await loginAndGetAccessToken(server)
+ await createUser(server.url, server.accessToken, user.username, user.password)
+ userAccessToken = await userLogin(server, user)
})
describe('When adding follows', function () {
const path = '/api/v1/server/following'
- const body = {
- hosts: [ 'localhost:9002' ]
- }
it('Should fail without hosts', async function () {
- await request(server.url)
- .post(path)
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: server.accessToken,
+ statusCodeExpected: 400
+ })
})
it('Should fail if hosts is not an array', async function () {
- await request(server.url)
- .post(path)
- .send({ hosts: 'localhost:9002' })
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: server.accessToken,
+ fields: { hosts: 'localhost:9002' },
+ statusCodeExpected: 400
+ })
})
it('Should fail if the array is not composed by hosts', async function () {
- await request(server.url)
- .post(path)
- .send({ hosts: [ 'localhost:9002', 'localhost:coucou' ] })
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ fields: { hosts: [ 'localhost:9002', 'localhost:coucou' ] },
+ token: server.accessToken,
+ statusCodeExpected: 400
+ })
})
it('Should fail if the array is composed with http schemes', async function () {
- await request(server.url)
- .post(path)
- .send({ hosts: [ 'localhost:9002', 'http://localhost:9003' ] })
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ fields: { hosts: [ 'localhost:9002', 'http://localhost:9003' ] },
+ token: server.accessToken,
+ statusCodeExpected: 400
+ })
})
it('Should fail if hosts are not unique', async function () {
- await request(server.url)
- .post(path)
- .send({ urls: [ 'localhost:9002', 'localhost:9002' ] })
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(400)
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ fields: { urls: [ 'localhost:9002', 'localhost:9002' ] },
+ token: server.accessToken,
+ statusCodeExpected: 400
+ })
})
it('Should fail with an invalid token', async function () {
- await request(server.url)
- .post(path)
- .send(body)
- .set('Authorization', 'Bearer fake_token')
- .set('Accept', 'application/json')
- .expect(401)
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ fields: { hosts: [ 'localhost:9002' ] },
+ token: 'fake_token',
+ statusCodeExpected: 401
+ })
})
it('Should fail if the user is not an administrator', async function () {
- await request(server.url)
- .post(path)
- .send(body)
- .set('Authorization', 'Bearer ' + userAccessToken)
- .set('Accept', 'application/json')
- .expect(403)
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ fields: { hosts: [ 'localhost:9002' ] },
+ token: userAccessToken,
+ statusCodeExpected: 403
+ })
})
})
const path = '/api/v1/server/following'
it('Should fail with a bad start pagination', async function () {
- await request(server.url)
- .get(path)
- .query({ start: 'hello' })
- .set('Accept', 'application/json')
- .expect(400)
+ await checkBadStartPagination(server.url, path)
})
it('Should fail with a bad count pagination', async function () {
- await request(server.url)
- .get(path)
- .query({ count: 'hello' })
- .set('Accept', 'application/json')
- .expect(400)
+ await checkBadCountPagination(server.url, path)
})
it('Should fail with an incorrect sort', async function () {
- await request(server.url)
- .get(path)
- .query({ sort: 'hello' })
- .set('Accept', 'application/json')
- .expect(400)
+ await checkBadSortPagination(server.url, path)
})
})
const path = '/api/v1/server/followers'
it('Should fail with a bad start pagination', async function () {
- await request(server.url)
- .get(path)
- .query({ start: 'hello' })
- .set('Accept', 'application/json')
- .expect(400)
+ await checkBadStartPagination(server.url, path)
})
it('Should fail with a bad count pagination', async function () {
- await request(server.url)
- .get(path)
- .query({ count: 'hello' })
- .set('Accept', 'application/json')
- .expect(400)
+ await checkBadCountPagination(server.url, path)
})
it('Should fail with an incorrect sort', async function () {
- await request(server.url)
- .get(path)
- .query({ sort: 'hello' })
- .set('Accept', 'application/json')
- .expect(400)
+ await checkBadSortPagination(server.url, path)
})
})
const path = '/api/v1/server/following'
it('Should fail with an invalid token', async function () {
- await request(server.url)
- .delete(path + '/1')
- .set('Authorization', 'Bearer faketoken')
- .set('Accept', 'application/json')
- .expect(401)
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/localhost:9002',
+ token: 'fake_token',
+ statusCodeExpected: 401
+ })
})
it('Should fail if the user is not an administrator', async function () {
- await request(server.url)
- .delete(path + '/1')
- .set('Authorization', 'Bearer ' + userAccessToken)
- .set('Accept', 'application/json')
- .expect(403)
- })
-
- it('Should fail we do not follow this server', async function () {
- await request(server.url)
- .delete(path + '/example.com')
- .set('Authorization', 'Bearer ' + server.accessToken)
- .set('Accept', 'application/json')
- .expect(404)
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/localhost:9002',
+ token: userAccessToken,
+ statusCodeExpected: 403
+ })
+ })
+
+ it('Should fail if we do not follow this server', async function () {
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/example.com',
+ token: server.accessToken,
+ statusCodeExpected: 404
+ })
+ })
+
+ it('Should succeed with the correct parameters', async function () {
+ await makeDeleteRequest({
+ url: server.url,
+ path: path + '/localhost:9002',
+ token: server.accessToken,
+ statusCodeExpected: 404
+ })
})
-
- it('Should succeed with the correct parameters')
})
})
import 'mocha'
import * as request from 'supertest'
-import { createUser, flushTests, getUserAccessToken, killallServers, runServer, ServerInfo, setAccessTokensToServers } from '../../utils'
+import { createUser, flushTests, userLogin, killallServers, runServer, ServerInfo, setAccessTokensToServers } from '../../utils'
describe('Test jobs API validators', function () {
const path = '/api/v1/jobs/'
password: 'my super password'
}
await createUser(server.url, server.accessToken, user.username, user.password)
- userAccessToken = await getUserAccessToken(server, user)
+ userAccessToken = await userLogin(server, user)
})
describe('When listing jobs', function () {
getVideosList,
makePutBodyRequest,
createUser,
- loginAndGetAccessToken,
+ serverLogin,
getUsersList,
registerUser,
setAccessTokensToServers,
killallServers,
makePostBodyRequest,
- getUserAccessToken
+ userLogin
} from '../../utils'
import { UserRole } from '../../../../shared'
username: 'user1',
password: 'my super password'
}
- userAccessToken = await getUserAccessToken(server, user)
+ userAccessToken = await userLogin(server, user)
})
describe('When listing users', function () {
password: 'my super password'
}
- userAccessToken = await loginAndGetAccessToken(server)
+ userAccessToken = await serverLogin(server)
const fields = {
username: 'user3',
email: 'test@example.com',
email: 'test3@example.com',
password: 'my super password'
}
- userAccessToken = await loginAndGetAccessToken(server)
+ userAccessToken = await serverLogin(server)
const videoAttributes = { fixture: 'video_short2.webm' }
await uploadVideo(server.url, userAccessToken, videoAttributes)
setAccessTokensToServers,
killallServers,
makePostBodyRequest,
- getUserAccessToken
+ userLogin
} from '../../utils'
describe('Test video abuses API validators', function () {
const password = 'my super password'
await createUser(server.url, server.accessToken, username, password)
- userAccessToken = await getUserAccessToken(server, { username, password })
+ userAccessToken = await userLogin(server, { username, password })
// Upload a video
const videoAttributes = {}
setAccessTokensToServers,
killallServers,
makePostBodyRequest,
- getUserAccessToken
+ userLogin
} from '../../utils'
describe('Test video blacklist API validators', function () {
const username = 'user1'
const password = 'my super password'
await createUser(server.url, server.accessToken, username, password)
- userAccessToken = await getUserAccessToken(server, { username, password })
+ userAccessToken = await userLogin(server, { username, password })
// Upload a video
const videoAttributes = {}
makePostBodyRequest,
getVideoChannelsList,
createUser,
- getUserAccessToken
+ userLogin
} from '../../utils'
describe('Test videos API validator', function () {
}
await createUser(server.url, server.accessToken, user.username, user.password)
- accessTokenUser = await getUserAccessToken(server, user)
+ accessTokenUser = await userLogin(server, user)
})
describe('When listing a video channels', function () {
makePostUploadRequest,
getMyUserInformation,
createUser,
- getUserAccessToken
+ userLogin
} from '../../utils'
import { VideoPrivacy } from '../../../../shared/models/videos/video-privacy.enum'
}
await createUser(server.url, server.accessToken, user.username, user.password)
- const accessTokenUser = await getUserAccessToken(server, user)
+ const accessTokenUser = await userLogin(server, user)
const res = await getMyUserInformation(server.url, accessTokenUser)
const customChannelId = res.body.videoChannels[0].id
} from '../../utils/index'
import { dateIsValid, webtorrentAdd } from '../../utils/miscs/miscs'
import { follow, getFollowersListPaginationAndSort, getFollowingListPaginationAndSort, unfollow } from '../../utils/server/follows'
-import { getUserAccessToken } from '../../utils/users/login'
+import { userLogin } from '../../utils/users/login'
import { createUser } from '../../utils/users/users'
import {
addVideoCommentReply, addVideoCommentThread, getVideoCommentThreads,
{
const user = { username: 'captain', password: 'password' }
await createUser(servers[2].url, servers[2].accessToken, user.username, user.password)
- const userAccessToken = await getUserAccessToken(servers[2], user)
+ const userAccessToken = await userLogin(servers[2], user)
const resVideos = await getVideosList(servers[ 2 ].url)
const video4 = resVideos.body.data.find(v => v.name === 'server3-4')
getVideosList,
killallServers,
login,
- loginAndGetAccessToken,
+ serverLogin,
makePutBodyRequest,
rateVideo,
registerUser,
password: 'super password'
}
- accessTokenUser = await loginAndGetAccessToken(server)
+ accessTokenUser = await serverLogin(server)
})
it('Should be able to get the user information', async function () {
password: 'my super password'
}
- accessToken = await loginAndGetAccessToken(server)
+ accessToken = await serverLogin(server)
})
it('Should have the correct video quota', async function () {
import { VideoComment, VideoCommentThreadTree } from '../../../../shared/models/videos/video-comment.model'
import {
- addVideoChannel, dateIsValid, doubleFollow, flushAndRunMultipleServers, flushTests, getUserAccessToken, getVideo,
+ addVideoChannel, dateIsValid, doubleFollow, flushAndRunMultipleServers, flushTests, userLogin, getVideo,
getVideoChannelsList, getVideosList, killallServers, rateVideo, removeVideo, ServerInfo, setAccessTokensToServers, testVideoImage,
updateVideo, uploadVideo, wait, webtorrentAdd
} from '../../utils/index'
password: 'super_password'
}
await createUser(servers[1].url, servers[1].accessToken, user.username, user.password)
- const userAccessToken = await getUserAccessToken(servers[1], user)
+ const userAccessToken = await userLogin(servers[1], user)
const videoAttributes = {
name: 'my super name for server 2',
wait
} from '../../utils/index'
import { doubleFollow } from '../../utils/server/follows'
-import { getUserAccessToken } from '../../utils/users/login'
+import { userLogin } from '../../utils/users/login'
import { createUser } from '../../utils/users/users'
import { getMyVideos, getVideo, getVideoWithToken, updateVideo } from '../../utils/videos/videos'
}
await createUser(servers[0].url, servers[0].accessToken, user.username, user.password)
- const token = await getUserAccessToken(servers[0], user)
+ const token = await userLogin(servers[0], user)
await getVideoWithToken(servers[0].url, token, privateVideoUUID, 403)
})
ServerInfo,
flushTests,
runServer,
- loginAndGetAccessToken,
+ serverLogin,
uploadVideo,
getVideosList
} from './utils'
await flushTests()
server = await runServer(1)
- server.accessToken = await loginAndGetAccessToken(server)
+ server.accessToken = await serverLogin(server)
const videoAttributes = {
name: 'my super name for server 1',
import {
getClient,
- loginAndGetAccessToken
+ serverLogin
} from '../../utils'
program
server.client.id = res.body.client_id
server.client.secret = res.body.client_secret
- return loginAndGetAccessToken(server)
+ return serverLogin(server)
})
.then(accessToken => {
console.log(accessToken)
--- /dev/null
+import { makeGetRequest } from './requests'
+
+function checkBadStartPagination (url: string, path: string) {
+ return makeGetRequest({
+ url,
+ path,
+ query: { start: 'hello' },
+ statusCodeExpected: 400
+ })
+}
+
+function checkBadCountPagination (url: string, path: string) {
+ return makeGetRequest({
+ url,
+ path,
+ query: { count: 'hello' },
+ statusCodeExpected: 400
+ })
+}
+
+function checkBadSortPagination (url: string, path: string) {
+ return makeGetRequest({
+ url,
+ path,
+ query: { sort: 'hello' },
+ statusCodeExpected: 400
+ })
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+ checkBadStartPagination,
+ checkBadCountPagination,
+ checkBadSortPagination
+}
import * as request from 'supertest'
-function makeGetRequest (url: string, path: string) {
- return request(url)
- .get(path)
+function makeGetRequest (options: {
+ url: string,
+ path: string,
+ query?: any,
+ token?: string,
+ statusCodeExpected?: number
+}) {
+ if (!options.statusCodeExpected) options.statusCodeExpected = 400
+
+ const req = request(options.url)
+ .get(options.path)
.set('Accept', 'application/json')
- .expect(200)
+
+ if (options.token) req.set('Authorization', 'Bearer ' + options.token)
+ if (options.query) req.query(options.query)
+
+ return req
.expect('Content-Type', /json/)
+ .expect(options.statusCodeExpected)
+}
+
+function makeDeleteRequest (options: {
+ url: string,
+ path: string,
+ token?: string,
+ statusCodeExpected?: number
+}) {
+ if (!options.statusCodeExpected) options.statusCodeExpected = 400
+
+ const req = request(options.url)
+ .delete(options.path)
+ .set('Accept', 'application/json')
+
+ if (options.token) req.set('Authorization', 'Bearer ' + options.token)
+
+ return req
+ .expect('Content-Type', /json/)
+ .expect(options.statusCodeExpected)
}
function makePostUploadRequest (options: {
url: string,
path: string,
token?: string,
- fields: { [ fieldName: string ]: any },
+ fields?: { [ fieldName: string ]: any },
statusCodeExpected?: number
}) {
+ if (!options.fields) options.fields = {}
if (!options.statusCodeExpected) options.statusCodeExpected = 400
const req = request(options.url)
makeGetRequest,
makePostUploadRequest,
makePostBodyRequest,
- makePutBodyRequest
+ makePutBodyRequest,
+ makeDeleteRequest
}
}
return new Promise<ServerInfo>(res => {
- server.app = fork(join(__dirname, '..', '..', '..', 'dist', 'server.js'), [], options)
+ server.app = fork(join(__dirname, '..', '..', '..', '..', 'dist', 'server.js'), [], options)
server.app.stdout.on('data', function onStdout (data) {
let dontContinue = false
.expect(expectedStatus)
}
-async function loginAndGetAccessToken (server: Server) {
+async function serverLogin (server: Server) {
const res = await login(server.url, server.client, server.user, 200)
return res.body.access_token as string
}
-async function getUserAccessToken (server: Server, user: User) {
+async function userLogin (server: Server, user: User) {
const res = await login(server.url, server.client, user, 200)
return res.body.access_token as string
const tasks: Promise<any>[] = []
for (const server of servers) {
- const p = loginAndGetAccessToken(server).then(t => server.accessToken = t)
+ const p = serverLogin(server).then(t => server.accessToken = t)
tasks.push(p)
}
export {
login,
- loginAndGetAccessToken,
- getUserAccessToken,
+ serverLogin,
+ userLogin,
setAccessTokensToServers
}
function getVideoCategories (url: string) {
const path = '/api/v1/videos/categories'
- return makeGetRequest(url, path)
+ return makeGetRequest({
+ url,
+ path
+ })
}
function getVideoLicences (url: string) {
const path = '/api/v1/videos/licences'
- return makeGetRequest(url, path)
+ return makeGetRequest({
+ url,
+ path
+ })
}
function getVideoLanguages (url: string) {
const path = '/api/v1/videos/languages'
- return makeGetRequest(url, path)
+ return makeGetRequest({
+ url,
+ path
+ })
}
function getVideoPrivacies (url: string) {
const path = '/api/v1/videos/privacies'
- return makeGetRequest(url, path)
+ return makeGetRequest({
+ url,
+ path
+ })
}
function getVideo (url: string, id: number | string, expectedStatus = 200) {
projects / oweals / peertube.git / commitdiff