2015-07-20 00:09:47 -07:00
|
|
|
/* global it:false */
|
|
|
|
|
/* global describe:false */
|
|
|
|
|
/* global before:false */
|
|
|
|
|
/* global after:false */
|
|
|
|
|
|
|
|
|
|
'use strict';
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
const common = require('./common.js'),
|
2015-07-20 00:09:47 -07:00
|
|
|
expect = require('expect.js'),
|
2015-12-15 09:12:52 -08:00
|
|
|
superagent = require('superagent'),
|
2018-08-31 14:30:00 -07:00
|
|
|
users = require('../../users.js');
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
describe('Users API', function () {
|
|
|
|
|
const { setup, cleanup, serverUrl, owner, user } = common;
|
|
|
|
|
|
|
|
|
|
const user2 = {
|
|
|
|
|
id: null,
|
|
|
|
|
username: 'User2',
|
|
|
|
|
password: 'Foobar?1339',
|
|
|
|
|
email: 'uSer2@cloudron.LoCal',
|
|
|
|
|
token: null
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const unnamedUser = {
|
|
|
|
|
id: null,
|
|
|
|
|
email: 'unnameduser@cloudron.local',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const userWithPassword = {
|
|
|
|
|
id: null,
|
|
|
|
|
username: 'userwithpassword',
|
|
|
|
|
password: 'Secret123#',
|
|
|
|
|
email: 'userwithpassword@cloudron.local',
|
|
|
|
|
token: null
|
|
|
|
|
};
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
before(setup);
|
|
|
|
|
after(cleanup);
|
2018-01-26 21:31:04 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
describe('user info', async function () {
|
|
|
|
|
it('cannot get userInfo of random user', async function () {
|
|
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/users/baduserid`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.ok(() => true);
|
2018-11-10 00:43:46 -08:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(404);
|
|
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('can get userInfo with token', async function () {
|
|
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/users/${user.id}`)
|
|
|
|
|
.query({ access_token: owner.token });
|
2016-09-30 10:17:50 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(200);
|
|
|
|
|
expect(response.body.username).to.equal(user.username.toLowerCase());
|
|
|
|
|
expect(response.body.email).to.equal(user.email.toLowerCase());
|
|
|
|
|
expect(response.body.groupIds).to.eql([]);
|
|
|
|
|
expect(response.body.role).to.be(users.ROLE_USER);
|
|
|
|
|
});
|
2019-04-15 16:36:37 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('cannot get userInfo with normal user token', async function () {
|
|
|
|
|
const reponse = await superagent.get(`${serverUrl}/api/v1/users/${user.id}`)
|
|
|
|
|
.query({ access_token: user.token })
|
|
|
|
|
.ok(() => true);
|
2016-01-18 15:37:03 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(reponse.statusCode).to.equal(403);
|
|
|
|
|
});
|
|
|
|
|
});
|
2016-01-18 15:37:03 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
describe('create user', function () {
|
|
|
|
|
it('cannot create user without email', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ username: user2.username })
|
|
|
|
|
.ok(() => true);
|
2016-02-11 12:02:35 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(400);
|
2016-02-11 12:02:35 +01:00
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-10-26 22:50:02 +02:00
|
|
|
it('cannot create user with non email fallbackEmail', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ username: user2.username, email: user2.email, fallbackEmail: 'notanemail' })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(400);
|
|
|
|
|
});
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('create second user succeeds', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ username: user2.username, email: user2.email });
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(201);
|
2016-01-18 15:37:03 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
user2.id = response.body.id;
|
|
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('get userInfo succeeds for second user', async function () {
|
|
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/users/${user2.id}`)
|
|
|
|
|
.query({ access_token: owner.token });
|
2016-01-18 15:37:03 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(200);
|
|
|
|
|
expect(response.body.username).to.equal(user2.username.toLowerCase());
|
|
|
|
|
expect(response.body.email).to.equal(user2.email.toLowerCase());
|
|
|
|
|
expect(response.body.groupIds).to.eql([]);
|
|
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('create user missing username succeeds', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ email: unnamedUser.email });
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(201);
|
|
|
|
|
unnamedUser.id = response.body.id;
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('create user missing email fails', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ username: 'someusername' })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(400);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('create user reserved name fails', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ username: 'no-reply', email: 'reserved@cloudron.local' })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(400);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('create user with short name succeeds', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ username: 'n', email: 'reserved@cloudron.local' });
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(201);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2016-06-03 00:14:52 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('create user with same username should fail', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ username: user2.username, email: user2.email })
|
|
|
|
|
.ok(() => true);
|
2016-02-11 11:39:19 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(409);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('cannot create user with bad password', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ username: 'badpassworduser', email: 'badpass@cloudron.local', password:'tooweak' })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(400);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('can create user with a password', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ username: userWithPassword.username, email: userWithPassword.email, password: userWithPassword.password });
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(201);
|
|
|
|
|
userWithPassword.id = response.body.id;
|
|
|
|
|
});
|
|
|
|
|
|
2021-07-15 09:50:11 -07:00
|
|
|
it('did set password of created user', async function () {
|
|
|
|
|
await users.verify(userWithPassword.id, userWithPassword.password, users.AP_WEBADMIN);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2016-05-23 15:00:21 -07:00
|
|
|
});
|
|
|
|
|
|
2020-02-14 14:04:51 -08:00
|
|
|
describe('invite', function () {
|
2021-11-22 19:32:42 +01:00
|
|
|
it('creationg fails for unknown user', async function () {
|
|
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/users/randomuserid/invite_link`)
|
2021-06-05 11:46:34 -07:00
|
|
|
.query({ access_token: owner.token })
|
2020-02-14 14:04:51 -08:00
|
|
|
.send({})
|
2021-06-05 11:46:34 -07:00
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(404);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2018-01-18 13:41:10 -08:00
|
|
|
|
2021-11-22 19:32:42 +01:00
|
|
|
it('creation succeeds', async function () {
|
|
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/users/${user.id}/invite_link`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({})
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(200);
|
|
|
|
|
expect(response.body.inviteLink).to.be.a('string');
|
|
|
|
|
});
|
|
|
|
|
|
2021-09-30 13:05:18 +02:00
|
|
|
it('sending succeeds', async function () {
|
2021-06-05 11:46:34 -07:00
|
|
|
common.clearMailQueue();
|
2018-01-18 13:41:10 -08:00
|
|
|
|
2021-11-17 11:14:33 -08:00
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}/send_invite_email`)
|
2021-06-05 11:46:34 -07:00
|
|
|
.query({ access_token: owner.token })
|
2021-11-17 11:14:33 -08:00
|
|
|
.send({ email: user.email });
|
2021-06-05 11:46:34 -07:00
|
|
|
|
2021-11-17 11:14:33 -08:00
|
|
|
expect(response.statusCode).to.equal(202);
|
2021-06-05 11:46:34 -07:00
|
|
|
await common.checkMails(1);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
});
|
|
|
|
|
|
2020-02-14 14:04:51 -08:00
|
|
|
describe('admin status', function () {
|
2021-06-05 11:46:34 -07:00
|
|
|
it('set second user as admin succeeds', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ role: users.ROLE_ADMIN });
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(204);
|
|
|
|
|
});
|
2016-02-25 13:53:18 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('did set second user as admin', async function () {
|
|
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/users/${user.id}`)
|
|
|
|
|
.query({ access_token: owner.token });
|
2018-01-18 13:41:10 -08:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(200);
|
|
|
|
|
expect(response.body.role).to.be(users.ROLE_ADMIN);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2018-01-18 13:41:10 -08:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('make self as admin fails', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${owner.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
2020-02-21 12:17:06 -08:00
|
|
|
.send({ role: users.ROLE_ADMIN })
|
2021-06-05 11:46:34 -07:00
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(409);
|
2020-02-21 12:17:06 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('make self as normal user fails', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${owner.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
2020-02-21 12:17:06 -08:00
|
|
|
.send({ role: users.ROLE_USER })
|
2021-06-05 11:46:34 -07:00
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(409);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('remove second user as admin succeeds', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ role: users.ROLE_USER });
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(204);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('normal user cannot change role of admin', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${owner.id}`)
|
|
|
|
|
.query({ access_token: user.token })
|
2020-02-21 12:17:06 -08:00
|
|
|
.send({ role: users.ROLE_USER })
|
2021-06-05 11:46:34 -07:00
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(403);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
});
|
|
|
|
|
|
2020-02-14 14:04:51 -08:00
|
|
|
describe('groups', function () {
|
2021-06-05 11:46:34 -07:00
|
|
|
it('does not list groupIds when listing users', async function () {
|
|
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token });
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(200);
|
|
|
|
|
expect(response.body.users).to.be.an('array');
|
|
|
|
|
|
|
|
|
|
response.body.users.forEach(function (user) {
|
|
|
|
|
expect('groupIds' in user).to.be(false);
|
|
|
|
|
});
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
});
|
|
|
|
|
|
2020-02-14 14:04:51 -08:00
|
|
|
describe('list users', function () {
|
2021-06-05 11:46:34 -07:00
|
|
|
it('list users fails for normal user', async function () {
|
|
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: user.token })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(403);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('list users succeeds for admin', async function () {
|
|
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token });
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(200);
|
|
|
|
|
expect(response.body.users).to.be.an('array');
|
|
|
|
|
expect(response.body.users.length).to.be.greaterThan(3);
|
|
|
|
|
|
|
|
|
|
response.body.users.forEach(function (user) {
|
|
|
|
|
expect(user).to.be.an('object');
|
|
|
|
|
expect(user.id).to.be.ok();
|
|
|
|
|
expect(user.email).to.be.ok();
|
|
|
|
|
if (!user.email.startsWith('unnamed')) expect(user.username).to.be.ok();
|
|
|
|
|
expect(user.password).to.not.be.ok();
|
|
|
|
|
expect(user.salt).to.not.be.ok();
|
|
|
|
|
expect(user.groupIds).to.not.be.ok();
|
|
|
|
|
});
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2016-02-25 14:03:42 +01:00
|
|
|
});
|
|
|
|
|
|
2020-02-14 14:04:51 -08:00
|
|
|
describe('update', function () {
|
2021-06-05 11:46:34 -07:00
|
|
|
it('change email fails due to missing token', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
|
|
|
|
|
.send({ email: 'newemail@cloudron.local' })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(401);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('change email fails due to invalid email', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ email: 'newemail@cloudron' })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(400);
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-26 22:50:02 +02:00
|
|
|
it('change fallbackEmail fails due to invalid email', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ fallbackEmail: 'newemail@cloudron' })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(400);
|
|
|
|
|
});
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('change user succeeds without email nor displayName', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({});
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(204);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('change email succeeds', async function () {
|
|
|
|
|
user2.email = 'NewEmail@cloudron.local';
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ email: user2.email });
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(204);
|
|
|
|
|
|
|
|
|
|
const response2 = await superagent.get(`${serverUrl}/api/v1/users/${user2.id}`)
|
|
|
|
|
.query({ access_token: owner.token });
|
|
|
|
|
|
|
|
|
|
expect(response2.statusCode).to.equal(200);
|
|
|
|
|
expect(response2.body.username).to.equal(user2.username.toLowerCase());
|
|
|
|
|
expect(response2.body.email).to.equal(user2.email.toLowerCase());
|
|
|
|
|
expect(response2.body.displayName).to.equal('');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('cannot change email to existing one', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ email: owner.email })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(409);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('can change display name', async function () {
|
|
|
|
|
const displayName = 'New name';
|
|
|
|
|
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ displayName: displayName });
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(204);
|
|
|
|
|
|
|
|
|
|
const response2 = await superagent.get(`${serverUrl}/api/v1/users/${user2.id}`)
|
|
|
|
|
.query({ access_token: owner.token });
|
|
|
|
|
|
|
|
|
|
expect(response2.statusCode).to.equal(200);
|
|
|
|
|
expect(response2.body.displayName).to.equal(displayName);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2018-04-26 13:58:21 -07:00
|
|
|
});
|
|
|
|
|
|
2020-02-14 14:04:51 -08:00
|
|
|
describe('password', function () {
|
2021-06-05 11:46:34 -07:00
|
|
|
it('change password fails due to missing token', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}/password`)
|
2020-02-14 14:04:51 -08:00
|
|
|
.send({ password: 'youdontsay' })
|
2021-06-05 11:46:34 -07:00
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(401);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2018-04-26 13:58:21 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('change password fails due to small password', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}/password`)
|
|
|
|
|
.query({ access_token: owner.token })
|
2020-02-14 14:04:51 -08:00
|
|
|
.send({ password: 'small' })
|
2021-06-05 11:46:34 -07:00
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(400);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2018-08-31 14:30:00 -07:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('change password succeeds', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}/password`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ password: 'bigenough' });
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(204);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2018-08-31 14:30:00 -07:00
|
|
|
|
2021-07-15 09:50:11 -07:00
|
|
|
it('did change the user password', async function () {
|
|
|
|
|
await users.verify(user.id, 'bigenough', users.AP_WEBADMIN);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2018-08-31 14:30:00 -07:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
describe('role - user manager', function () {
|
|
|
|
|
it('can make second user a usermanager', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ role: users.ROLE_USER_MANAGER });
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(204);
|
2020-02-14 14:04:51 -08:00
|
|
|
});
|
2020-02-14 14:34:29 -08:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('can list users as usermanager', async function () {
|
|
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: user.token });
|
2020-02-14 14:34:29 -08:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(200);
|
|
|
|
|
expect(response.body.users).to.be.an(Array);
|
|
|
|
|
expect(response.body.users.length).to.be.greaterThan(3);
|
2020-02-14 14:34:29 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('cannot set password of admin', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${owner.id}/password`)
|
|
|
|
|
.query({ access_token: user.token })
|
2020-02-14 14:34:29 -08:00
|
|
|
.send({ password: 'bigenough' })
|
2021-06-05 11:46:34 -07:00
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(403);
|
2020-02-14 14:34:29 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('can set password of another', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}/password`)
|
|
|
|
|
.query({ access_token: user.token })
|
|
|
|
|
.send({ password: 'bigenough' });
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(204);
|
2020-02-14 14:34:29 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('cannot change admin bit of another', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${owner.id}`)
|
|
|
|
|
.query({ access_token: user.token })
|
2020-02-21 12:17:06 -08:00
|
|
|
.send({ role: users.ROLE_ADMIN })
|
2021-06-05 11:46:34 -07:00
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(403);
|
2020-02-14 14:34:29 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('cannot change admin bit of self', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}`)
|
|
|
|
|
.query({ access_token: user.token })
|
2020-02-21 12:17:06 -08:00
|
|
|
.send({ role: users.ROLE_ADMIN })
|
2021-06-05 11:46:34 -07:00
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(409);
|
2020-02-14 14:34:29 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('cannot remove admin', async function () {
|
|
|
|
|
const response = await superagent.del(`${serverUrl}/api/v1/users/${owner.id}`)
|
|
|
|
|
.query({ access_token: user.token })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(403);
|
2020-02-14 14:34:29 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('can remove normal user', async function () {
|
|
|
|
|
const response = await superagent.del(`${serverUrl}/api/v1/users/${unnamedUser.id}`)
|
|
|
|
|
.query({ access_token: user.token });
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(204);
|
2020-02-14 14:34:29 -08:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('remove', function () {
|
2021-06-05 11:46:34 -07:00
|
|
|
it('remove random user fails', async function () {
|
|
|
|
|
const response = await superagent.del(`${serverUrl}/api/v1/users/randomid`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.ok(() => true);
|
2020-02-14 14:34:29 -08:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(404);
|
2020-02-14 14:34:29 -08:00
|
|
|
});
|
2021-01-15 21:09:06 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('user cannot removes himself', async function () {
|
|
|
|
|
const response = await superagent.del(`${serverUrl}/api/v1/users/${owner.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.ok(() => true);
|
2021-01-15 21:09:06 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(409);
|
|
|
|
|
});
|
2021-01-15 21:09:06 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('admin removes normal user', async function () {
|
|
|
|
|
const response = await superagent.del(`${serverUrl}/api/v1/users/${user2.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.ok(() => true);
|
2021-01-15 21:09:06 +01:00
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
expect(response.statusCode).to.equal(204);
|
2021-01-15 21:09:06 +01:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 11:46:34 -07:00
|
|
|
it('admin removes himself should not be allowed', async function () {
|
|
|
|
|
const response = await superagent.del(`${serverUrl}/api/v1/users/${owner.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(409);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('transfer ownership', function () {
|
|
|
|
|
it('succeeds', async function () {
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}/make_owner`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({});
|
|
|
|
|
|
|
|
|
|
expect(response.statusCode).to.equal(204);
|
2021-01-15 21:09:06 +01:00
|
|
|
});
|
|
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
});
|
2018-04-26 13:58:21 -07:00
|
|
|
|
