From 757f0da370a992cf07afd20d3829b2748c76cc15 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 27 Oct 2017 17:27:06 +0200 Subject: [PATCH] Add tests to user roles --- client/src/app/core/auth/auth-user.model.ts | 2 +- .../app/shared/forms/form-validators/user.ts | 2 +- .../initializers/migrations/0085-user-role.ts | 1 - server/tests/api/check-params/users.ts | 72 +++++++++++++++---- server/tests/api/users.ts | 21 ++++-- server/tests/utils/users.ts | 16 ++++- 6 files changed, 92 insertions(+), 22 deletions(-) diff --git a/client/src/app/core/auth/auth-user.model.ts b/client/src/app/core/auth/auth-user.model.ts index 085b763ec..7b6c8816f 100644 --- a/client/src/app/core/auth/auth-user.model.ts +++ b/client/src/app/core/auth/auth-user.model.ts @@ -123,7 +123,7 @@ export class AuthUser extends User { this.tokens.refreshToken = refreshToken } - hasRight(right: UserRight) { + hasRight (right: UserRight) { return hasUserRight(this.role, right) } diff --git a/client/src/app/shared/forms/form-validators/user.ts b/client/src/app/shared/forms/form-validators/user.ts index e7473b75b..9d200649c 100644 --- a/client/src/app/shared/forms/form-validators/user.ts +++ b/client/src/app/shared/forms/form-validators/user.ts @@ -32,6 +32,6 @@ export const USER_VIDEO_QUOTA = { export const USER_ROLE = { VALIDATORS: [ Validators.required ], MESSAGES: { - 'required': 'User role is required.', + 'required': 'User role is required.' } } diff --git a/server/initializers/migrations/0085-user-role.ts b/server/initializers/migrations/0085-user-role.ts index e67c5ca24..de75faec2 100644 --- a/server/initializers/migrations/0085-user-role.ts +++ b/server/initializers/migrations/0085-user-role.ts @@ -1,5 +1,4 @@ import * as Sequelize from 'sequelize' -import * as uuidv4 from 'uuid/v4' async function up (utils: { transaction: Sequelize.Transaction, diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index ef78c8262..687999c09 100644 
--- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -19,6 +19,7 @@ import { makePostBodyRequest, getUserAccessToken } from '../../utils' +import { UserRole } from '../../../../shared' describe('Test users API validators', function () { const path = '/api/v1/users/' @@ -92,6 +93,7 @@ describe('Test users API validators', function () { username: 'ji', email: 'test@example.com', password: 'my_super_password', + role: UserRole.USER, videoQuota: 42000000 } @@ -103,7 +105,8 @@ describe('Test users API validators', function () { username: 'my_super_username_which_is_very_long', email: 'test@example.com', password: 'my_super_password', - videoQuota: 42000000 + videoQuota: 42000000, + role: UserRole.USER } await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) @@ -114,7 +117,8 @@ describe('Test users API validators', function () { username: 'my username', email: 'test@example.com', password: 'my_super_password', - videoQuota: 42000000 + videoQuota: 42000000, + role: UserRole.USER } await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) @@ -124,7 +128,8 @@ describe('Test users API validators', function () { const fields = { username: 'ji', password: 'my_super_password', - videoQuota: 42000000 + videoQuota: 42000000, + role: UserRole.USER } await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) @@ -135,7 +140,8 @@ describe('Test users API validators', function () { username: 'my_super_username_which_is_very_long', email: 'test_example.com', password: 'my_super_password', - videoQuota: 42000000 + videoQuota: 42000000, + role: UserRole.USER } await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) 
@@ -146,7 +152,8 @@ describe('Test users API validators', function () { username: 'my_username', email: 'test@example.com', password: 'bla', - videoQuota: 42000000 + videoQuota: 42000000, + role: UserRole.USER } await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) @@ -159,7 +166,8 @@ describe('Test users API validators', function () { password: 'my super long password which is very very very very very very very very very very very very very very' + 'very very very very very very very very very very very very very very very veryv very very very very' + 'very very very very very very very very very very very very very very very very very very very very long', - videoQuota: 42000000 + videoQuota: 42000000, + role: UserRole.USER } await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) @@ -170,7 +178,8 @@ describe('Test users API validators', function () { username: 'my_username', email: 'test@example.com', password: 'my super password', - videoQuota: 42000000 + videoQuota: 42000000, + role: UserRole.USER } await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 }) @@ -181,7 +190,8 @@ describe('Test users API validators', function () { username: 'user1', email: 'test@example.com', password: 'my super password', - videoQuota: 42000000 + videoQuota: 42000000, + role: UserRole.USER } await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) @@ -192,7 +202,8 @@ describe('Test users API validators', function () { username: 'my_username', email: 'user1@example.com', password: 'my super password', - videoQuota: 42000000 + videoQuota: 42000000, + role: UserRole.USER } await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) 
@@ -202,7 +213,8 @@ describe('Test users API validators', function () { const fields = { username: 'my_username', email: 'user1@example.com', - password: 'my super password' + password: 'my super password', + role: UserRole.USER } await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) @@ -213,7 +225,31 @@ describe('Test users API validators', function () { username: 'my_username', email: 'user1@example.com', password: 'my super password', - videoQuota: -5 + videoQuota: -5, + role: UserRole.USER + } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail without a user role', async function () { + const fields = { + username: 'my_username', + email: 'user1@example.com', + password: 'my super password', + videoQuota: 0 + } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail with an invalid user role', async function () { + const fields = { + username: 'my_username', + email: 'user1@example.com', + password: 'my super password', + videoQuota: 0, + role: 88989 } await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) @@ -224,7 +260,8 @@ describe('Test users API validators', function () { username: 'user2', email: 'test@example.com', password: 'my super password', - videoQuota: -1 + videoQuota: -1, + role: UserRole.USER } await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) 
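Review bot: The two cases added in the `@@ -213,7 +225,31 @@` hunk ('Should fail without a user role' and 'Should fail with an invalid user role') probe the role validator with only one bad value, the out-of-range number `88989`. Because `role` decides what an account may do, the validator deserves cases for a non-numeric value and a negative number too, e.g. `role: 'admin'` and `role: -1`. Both tests also pass no `statusCodeExpected`, so they assert whatever default `makePostBodyRequest` applies, which this patch does not show; presumably that is 400, and the rest of the file follows the same convention. The same gap applies to 'Should fail with an invalid user role attribute' (`role: 54878`) in the later `@@ -327,6 +364,14 @@` hunk on the PUT path.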
@@ -327,6 +364,14 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) }) + it('Should fail with an invalid user role attribute', async function () { + const fields = { + role: 54878 + } + + await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) + }) + it('Should fail with an non authenticated user', async function () { const fields = { videoQuota: 42 @@ -338,7 +383,8 @@ describe('Test users API validators', function () { it('Should succeed with the correct params', async function () { const fields = { email: 'email@example.com', - videoQuota: 42 + videoQuota: 42, + role: UserRole.MODERATOR } await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 }) diff --git a/server/tests/api/users.ts b/server/tests/api/users.ts index dbf0801f3..bdef62c46 100644 --- a/server/tests/api/users.ts +++ b/server/tests/api/users.ts @@ -25,10 +25,12 @@ import { updateUser, updateMyUser, registerUser, - removeUser + removeUser, + killallServers, + getUserInformation, + getBlacklistedVideosList } from '../utils' -import { killallServers } from '../utils/servers' -import { getUserInformation } from '../utils/users' +import { UserRole } from '../../../shared' describe('Test users', function () { let server: ServerInfo @@ -188,6 +190,7 @@ describe('Test users', function () { expect(user.email).to.equal('user_1@example.com') expect(user.displayNSFW).to.be.false expect(user.videoQuota).to.equal(2 * 1024 * 1024) + expect(user.roleLabel).to.equal('User') expect(user.id).to.be.a('number') }) @@ -234,6 +237,7 @@ describe('Test users', function () { const user = users[0] expect(user.username).to.equal('root') expect(user.email).to.equal('admin1@example.com') + expect(user.roleLabel).to.equal('Administrator') expect(user.displayNSFW).to.be.false }) 
@@ -319,7 +323,7 @@ describe('Test users', function () { }) it('Should be able to update another user', async function () { - await updateUser(server.url, userId, accessToken, 'updated2@example.com', 42) + await updateUser(server.url, userId, accessToken, 'updated2@example.com', 42, UserRole.MODERATOR) const res = await getUserInformation(server.url, accessToken, userId) const user = res.body @@ -328,9 +332,18 @@ describe('Test users', function () { expect(user.email).to.equal('updated2@example.com') expect(user.displayNSFW).to.be.ok expect(user.videoQuota).to.equal(42) + expect(user.roleLabel).to.equal('Moderator') expect(user.id).to.be.a('number') }) + it('Should not be able to delete a user by a moderator', async function () { + await removeUser(server.url, 2, accessTokenUser, 403) + }) + + it('Should be able to list video blacklist by a moderator', async function () { + await getBlacklistedVideosList(server.url, accessTokenUser) + }) + it('Should be able to remove this user', async function () { await removeUser(server.url, userId, accessToken) }) diff --git a/server/tests/utils/users.ts b/server/tests/utils/users.ts index e5f3eb1b3..12569dd42 100644 --- a/server/tests/utils/users.ts +++ b/server/tests/utils/users.ts @@ -1,10 +1,21 @@ import * as request from 'supertest' -function createUser (url: string, accessToken: string, username: string, password: string, videoQuota = 1000000, specialStatus = 204) { +import { UserRole } from '../../../shared' + +function createUser ( + url: string, + accessToken: string, + username: string, + password: string, + videoQuota = 1000000, + role: UserRole = UserRole.USER, + specialStatus = 204 +) { const path = '/api/v1/users' const body = { username, password, + role, email: username + '@example.com', videoQuota } 
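Review bot: The moderator tests added in the `@@ -319,7 +323,7 @@` hunk check user deletion and the blacklist listing, but not the request that matters most once `role` is updatable: a moderator sending `role` on `PUT /api/v1/users/:id`. A case expecting 403 when `accessTokenUser` (presumably the token of the account just promoted) tries to set a role, its own or another account's, would pin that a moderator cannot promote anyone. The `updateUser` signature in this patch has no expected-status parameter, so it would need one for that test. Separately, `removeUser(server.url, 2, accessTokenUser, 403)` hard-codes the id where neighbouring calls use `userId`; `await removeUser(server.url, userId, accessTokenUser, 403)` would not depend on creation order, assuming that account is the intended target. The enclosing `describe` starts and ends outside the hunk.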
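Review bot: Inserting `role` ahead of `specialStatus` in `createUser` (the `@@ -1,10 +1,21 @@` hunk of server/tests/utils/users.ts) rebinds the sixth positional argument of every existing caller. A status code passed there is now sent as the role, and the request is expected to return 204. If `UserRole` is a numeric enum, as the numeric `role: 88989` fixtures suggest, such a call may still compile and the test would quietly stop checking what it claims to. Appending the new parameter instead, `videoQuota = 1000000, specialStatus = 204, role: UserRole = UserRole.USER`, keeps old call sites valid; otherwise every caller that passes a status needs auditing. The function body continues past the end of the hunk.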
@@ -114,12 +125,13 @@ function updateMyUser (url: string, accessToken: string, newPassword: string, di .expect(204) } -function updateUser (url: string, userId: number, accessToken: string, email: string, videoQuota: number) { +function updateUser (url: string, userId: number, accessToken: string, email: string, videoQuota: number, role: UserRole) { const path = '/api/v1/users/' + userId const toSend = {} if (email !== undefined && email !== null) toSend['email'] = email if (videoQuota !== undefined && videoQuota !== null) toSend['videoQuota'] = videoQuota + if (role !== undefined && role !== null) toSend['role'] = role return request(url) .put(path) -- 2.25.1
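Review bot: `updateUser` now declares `role: UserRole` as a required parameter, yet the added line `if (role !== undefined && role !== null) toSend['role'] = role` treats it as optional, like `email` and `videoQuota`. Declaring it `role?: UserRole` matches the body and lets callers that leave the role unchanged omit the argument. `toSend` is an untyped `{}` filled through string indexes, so a misspelled field name would go unnoticed; `const toSend: { email?: string, videoQuota?: number, role?: UserRole } = {}` lets the compiler check the keys. The end of the function lies outside the hunk.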