foltik
/
shimapan
зеркало из https://github.com/Foltik/Shimapan
1
0
Форкнуть 0
Код Задачи 0 Релизы 0 Вики Активность
A simple file sharing site with an easy to use API and online panel.
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
279 коммитов
2 Ветки
108MB
ветка: master
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из 'master'
${ noResults }
shimapan/test/api.js

1207 строки
52KB
Исходник Постоянная ссылка Blame История 

  1. process.env.NODE_ENV = 'test';

  2. 

  3. const chai = require('chai');

  4. chai.use(require('chai-http'));

  5. const should = chai.should();

  6. const describe = require('mocha').describe;

  7. 

  8. const ModelPath = '../app/models/';

  9. const User = require(ModelPath + 'User.js');

  10. const Upload = require(ModelPath + 'Upload.js');

  11. const Key = require(ModelPath + 'Key.js');

  12. const Invite = require(ModelPath + 'Invite.js');

  13. const View = require(ModelPath + 'View.js');

  14. 

  15. const util = require('./testUtil.js');

  16. const canonicalize = require('../app/util/auth/canonicalize');

  17. 

  18. const config = require('config');

  19. let app;

  20. let server;

  21. let agent;

  22. 

  23. before(() => {

  24.     const main = require('../server.js');

  25.     app = main.app;

  26.     server = main.server;

  27.     agent = chai.request.agent(app);

  28. });

  29. 

  30. after(() => {

  31.     server.close();

  32. });

  33. 

  34. beforeEach(() => util.clearDatabase());

  35. 

  36. describe('Authentication', () => {

  37.     describe('/POST register', () => {

  38.         describe('0 Valid Request', () => {

  39.             async function verifySuccessfulRegister(user) {

  40.                 await util.createTestInvite();

  41. 

  42.                 const res = await util.registerUser(user, agent);

  43.                 util.verifyResponse(res, 200, 'Registration successful.');

  44. 

  45.                 const userCount = await User.countDocuments({displayname: user.displayname});

  46.                 userCount.should.equal(1, 'The user should have be created in the database');

  47. 

  48.                 const inviteCount = await Invite.countDocuments({

  49.                     code: user.invite,

  50.                     recipient: canonicalize(user.displayname)

  51.                 });

  52.                 inviteCount.should.equal(1, 'The invite should be marked as used by the user');

  53.             }

  54. 

  55.             it('MUST register a valid user with a valid invite', async () =>

  56.                 verifySuccessfulRegister({displayname: 'user', password: 'pass', invite: 'code'})

  57.             );

  58. 

  59.             it('MUST register a username with unicode symbols and a valid invite', async () =>

  60.                 verifySuccessfulRegister({displayname: 'ᴮᴵᴳᴮᴵᴿᴰ', password: 'pass', invite: 'code'})

  61.             );

  62.         });

  63. 

  64.         describe('1 Invalid Invites', () => {

  65.             async function verifyRejectedInvite(invite, message) {

  66.                 const user = {displayname: 'user', password: 'pass', invite: 'code'};

  67.                 if (invite) {

  68.                     await util.insertInvite(invite, agent);

  69.                     user.invite = invite.code;

  70.                 }

  71. 

  72.                 const res = await (util.registerUser(user, agent));

  73.                 util.verifyResponse(res, 422, message);

  74. 

  75.                 const inviteCount = await Invite.countDocuments({

  76.                     code: user.invite,

  77.                     recipient: canonicalize(user.displayname)

  78.                 });

  79.                 inviteCount.should.equal(0, 'Invite should not be marked as used or received by the user');

  80.             }

  81. 

  82.             it('MUST NOT register a nonexistant invite', async () =>

  83.                 verifyRejectedInvite(null, 'Invalid invite code.')

  84.             );

  85. 

  86.             it('MUST NOT register a used invite', async () =>

  87.                 verifyRejectedInvite({code: 'code', used: new Date(), issuer: 'Mocha'}, 'Invite already used.')

  88.             );

  89. 

  90.             it('MUST NOT register an expired invite', async () =>

  91.                 verifyRejectedInvite({code: 'code', expires: new Date(), issuer: 'Mocha'}, 'Invite expired.')

  92.             );

  93.         });

  94. 

  95.         describe('2 Invalid Displaynames', () => {

  96.             async function verifyRejectedUsername(user, code, message) {

  97.                 const res = await util.registerUser(user, agent);

  98.                 util.verifyResponse(res, code, message);

  99. 

  100.                 const inviteCount = await Invite.countDocuments({

  101.                     code: user.invite,

  102.                     recipient: canonicalize(user.displayname)

  103.                 });

  104.                 inviteCount.should.equal(0, 'The invite should not be inserted into the database after rejection');

  105.             }

  106. 

  107.             it('MUST NOT register a duplicate username', async () => {

  108.                 await util.createTestInvites(2);

  109.                 const user0 = {displayname: 'user', password: 'pass', invite: 'code0'};

  110.                 const user1 = {displayname: 'user', password: 'diff', invite: 'code1'};

  111. 

  112.                 await util.registerUser(user0, agent);

  113.                 return verifyRejectedUsername(user1, 422, 'Username in use.');

  114.             });

  115. 

  116.             it('MUST NOT register a username with a duplicate canonical name', async () => {

  117.                 await util.createTestInvites(2);

  118.                 const user0 = {displayname: 'bigbird', password: 'pass', invite: 'code0'};

  119.                 const user1 = {displayname: 'ᴮᴵᴳᴮᴵᴿᴰ', password: 'diff', invite: 'code1'};

  120. 

  121.                 await util.registerUser(user0, agent);

  122.                 return verifyRejectedUsername(user1, 422, 'Username in use.');

  123.             });

  124. 

  125.             it('MUST NOT register a username containing whitespace', async () => {

  126.                 await util.createTestInvites(3);

  127.                 const users = [

  128.                     {displayname: 'user name', password: 'pass', invite: 'code0'},

  129.                     {displayname: 'user name', password: 'pass', invite: 'code1'},

  130.                     {displayname: 'user name', password: 'pass', invite: 'code2'}

  131.                 ];

  132. 

  133.                 const failMsg = 'displayname contains invalid characters.';

  134.                 return Promise.all(users.map(user => verifyRejectedUsername(user, 400, failMsg)));

  135.             });

  136. 

  137.             it('MUST NOT register a username containing HTML', async () => {

  138.                 await util.createTestInvite();

  139.                 const user = {displayname: 'user<svg/onload=alert("XSS")>', password: 'pass', invite: 'code'};

  140.                 return verifyRejectedUsername(user, 400, 'displayname contains invalid characters.');

  141.             });

  142. 

  143.             it('MUST NOT register a username with too many characters', async () => {

  144.                 await util.createTestInvite();

  145.                 const user = {displayname: '123456789_123456789_123456789_1234567', password: 'pass', invite: 'code'};

  146.                 return verifyRejectedUsername(user, 400, 'displayname too long.');

  147.             });

  148.         });

  149.     });

  150. 

  151.     describe('/POST login', () => {

  152.         async function verifySuccessfulLogin(credentials) {

  153.             // Login with the agent

  154.             const res = await util.login(credentials, agent);

  155.             util.verifyResponse(res, 200, 'Logged in.');

  156.             res.should.have.cookie('session.id');

  157. 

  158.             // Get /api/auth/whoami, which can only be viewed when logged in

  159.             const whoami = await util.whoami(agent);

  160.             whoami.should.have.status(200);

  161.         }

  162. 

  163.         async function verifyFailedLogin(credentials) {

  164.             const res = await util.login(credentials, agent);

  165.             util.verifyResponse(res, 401, 'Unauthorized.');

  166.         }

  167. 

  168.         describe('0 Valid Request', () => {

  169.             it('SHOULD accept a valid user with a valid password', async () => {

  170.                 await util.createTestUser(agent);

  171.                 return verifySuccessfulLogin({displayname: 'user', password: 'pass'});

  172.             });

  173. 

  174.             it('SHOULD accept any non-normalized variant of a username with a valid password', async () => {

  175.                 await util.createTestInvite();

  176.                 await util.registerUser({displayname: 'ᴮᴵᴳᴮᴵᴿᴰ', password: 'pass', invite: 'code'}, agent);

  177.                 return verifySuccessfulLogin({displayname: 'BiGbIrD', password: 'pass'});

  178.             });

  179.         });

  180. 

  181.         describe('1 Invalid Password', () => {

  182.             it('SHOULD NOT accept an invalid password', async () => {

  183.                 await util.createTestUser(agent);

  184.                 return verifyFailedLogin({displayname: 'user', password: 'bogus'});

  185.             });

  186.         });

  187. 

  188.         describe('2 Invalid User', () => {

  189.             it('SHOULD NOT accept an invalid user', async () =>

  190.                 verifyFailedLogin({displayname: 'bogus', password: 'bogus'})

  191.             );

  192.         });

  193.     });

  194. 

  195.     describe('/POST logout', () => {

  196.         async function verifyNoSession() {

  197.             const res = await util.whoami(agent);

  198.             util.verifyResponse(res, 401, 'Unauthorized.');

  199.         }

  200. 

  201.         describe('0 Valid Request', () => {

  202.             it('must logout a user with a session', async () => {

  203.                 await util.createTestSession(agent);

  204.                 const res = await util.logout(agent);

  205.                 util.verifyResponse(res, 200, 'Logged out.');

  206.                 return verifyNoSession();

  207.             });

  208.         });

  209. 

  210.         describe('1 Invalid Session', () => {

  211.             it('must not logout a user without a session', async () => {

  212.                 const res = await util.logout(agent);

  213.                 util.verifyResponse(res, 400, 'Not logged in.');

  214.                 return verifyNoSession();

  215.             });

  216.         });

  217.     });

  218. 

  219.     describe('/POST whoami', () => {

  220.         function verifyWhoami(res, username, displayname, scope, key) {

  221.             res.should.have.status(200);

  222.             res.body.should.be.a('object');

  223.             res.body.should.have.property('username').equal(username);

  224.             res.body.should.have.property('displayname').equal(displayname);

  225.             res.body.should.have.property('scope').deep.equal(scope);

  226.             res.body.should.have.property('key').equal(key);

  227.         }

  228. 

  229.         describe('0 Valid Request', () => {

  230.             it('must respond with a valid session', async () => {

  231.                 await util.createTestSession(agent);

  232.                 const res = await util.whoami(agent);

  233.                 verifyWhoami(res, 'user', 'user', ['file.upload'], null);

  234.                 return util.logout(agent);

  235.             });

  236. 

  237.             it('must respond with a valid api key', async () => {

  238.                 await util.createTestKey(['file.upload']);

  239.                 const res = await util.whoami(agent, 'key');

  240.                 verifyWhoami(res, 'Mocha', 'Mocha', ['file.upload'], 'key');

  241.             });

  242.         });

  243. 

  244.         describe('1 Invalid Auth', () => {

  245.             it('must not respond with an invalid session', async () => {

  246.                 const res = await util.whoami(agent);

  247.                 util.verifyResponse(res, 401, 'Unauthorized.');

  248.             });

  249. 

  250.             it('must not respond with a banned user with a valid session', async () => {

  251.                 await util.createTestSession(agent);

  252.                 await util.setBanned('user', true);

  253.                 const res = await util.whoami(agent);

  254.                 util.verifyResponse(res, 403, 'Forbidden.');

  255.             });

  256. 

  257.             it('must not respond with a banned users api key', async () => {

  258.                 await util.createTestUser(agent);

  259.                 await Promise.all([

  260.                     util.setBanned('user', true),

  261.                     util.insertKey({key: 'key', identifier: 'test', scope: ['file.upload'], issuer: 'user'})

  262.                 ]);

  263.                 const res = await util.whoami(agent, 'key');

  264.                 util.verifyResponse(res, 403, 'Forbidden.');

  265.             });

  266.         });

  267.     });

  268. });

  269. 

  270. describe('Uploading', () => {

  271.     after(async () => util.clearDirectory(config.get('Upload.path')));

  272. 

  273.     describe('/POST upload', () => {

  274.         async function verifySuccessfulUpload(file, key) {

  275.             // Get file stats beforehand

  276.             const fileHash = await util.fileHash(file);

  277. 

  278.             // Submit the upload and verify the result

  279.             const res = await util.upload(file, agent, key);

  280.             res.should.have.status(200);

  281.             res.body.should.be.a('object');

  282.             res.body.should.have.property('url');

  283.             const idLength = config.get('Upload.idLength');

  284.             res.body.should.have.property('uid').length(idLength, 'The UID should be a ' + idLength + ' letter lowercase string.');

  285. 

  286.             // Find the uploaded file in the database

  287.             const upload = await Upload.findOne({uid: res.body.uid}, {_id: 0, uid: 1, file: 1});

  288.             const uploadFile = upload.file.path;

  289.             upload.should.be.a('object');

  290.             upload.uid.should.equal(res.body.uid, 'The uploaded file in the database should exist and match the reponse ID.');

  291. 

  292.             // Verify the uploaded file is the same as the file now on disk

  293.             const uploadHash = await util.fileHash(uploadFile);

  294.             uploadHash.should.equal(fileHash, 'The uploaded file and the file on disk should have matching hashes.');

  295.         }

  296. 

  297.         async function verifySuccessfulUserUpload(file, username) {

  298.             // Get the user's stats beforehand

  299.             const userBefore = await User.findOne({username: username}, {_id: 0, uploadCount: 1, uploadSize: 1});

  300. 

  301.             await verifySuccessfulUpload(file);

  302. 

  303.             // Verify the user's stats have been updated correctly

  304.             const userAfter = await User.findOne({username: username}, {_id: 0, uploadCount: 1, uploadSize: 1});

  305.             const fileSize = await util.fileSize(file);

  306.             userAfter.uploadCount.should.equal(userBefore.uploadCount + 1, 'The users upload count should be incremented.');

  307.             userAfter.uploadSize.should.equal(userBefore.uploadSize + fileSize, 'The users upload size should be properly increased.');

  308.         }

  309. 

  310.         async function verifySuccessfulKeyUpload(file, key) {

  311.             // Get the key's stats beforehand

  312.             const keyBefore = await Key.findOne({key: key}, {_id: 0, uploadCount: 1, uploadSize: 1});

  313. 

  314.             await verifySuccessfulUpload(file, key);

  315. 

  316.             // Verify the key's stats have been updated correctly

  317.             const keyAfter = await Key.findOne({key: key}, {_id: 0, uploadCount: 1, uploadSize: 1});

  318.             const fileSize = await util.fileSize(file);

  319.             keyAfter.uploadCount.should.equal(keyBefore.uploadCount + 1, 'The keys upload count should be incremented.');

  320.             keyAfter.uploadSize.should.equal(keyBefore.uploadSize + fileSize, 'The keys upload size should be properly increased');

  321.         }

  322. 

  323.         async function verifyFailedUpload(file, status, message, key) {

  324.             const fileCountBefore = await util.directoryFileCount(config.get('Upload.path'));

  325.             const uploadCountBefore = await Upload.countDocuments({});

  326. 

  327.             const res = await util.upload(file, agent, key);

  328.             util.verifyResponse(res, status, message);

  329. 

  330.             const fileCountAfter = await util.directoryFileCount(config.get('Upload.path'));

  331.             fileCountAfter.should.equal(fileCountBefore, 'File should not be written to disk');

  332. 

  333.             const uploadCountAfter = await Upload.countDocuments({});

  334.             uploadCountAfter.should.equal(uploadCountBefore, 'No uploads should be written to the database');

  335.         }

  336. 

  337.         describe('0 Valid Request', () => {

  338.             it('SHOULD accept an upload from a valid session', async () => {

  339.                 await Promise.all([

  340.                     util.createTestSession(agent),

  341.                     util.createTestFile(2048, 'test.bin')

  342.                 ]);

  343. 

  344.                 await verifySuccessfulUserUpload('test.bin', 'user');

  345. 

  346.                 return Promise.all([

  347.                     util.logout(agent),

  348.                     util.deleteFile('test.bin')

  349.                 ]);

  350.             });

  351. 

  352.             it('SHOULD accept an upload from a valid api key', async () => {

  353.                 await Promise.all([

  354.                     util.createTestKey(['file.upload']),

  355.                     util.createTestFile(2048, 'test.bin')

  356.                 ]);

  357. 

  358.                 await verifySuccessfulKeyUpload('test.bin', 'key');

  359. 

  360.                 return util.deleteFile('test.bin');

  361.             })

  362.         });

  363. 

  364.         describe('1 Invalid Authentication', () => {

  365.             it('SHOULD NOT accept an unauthenticated request', async () => {

  366.                 await util.createTestFile(2048, 'test.bin');

  367. 

  368.                 await verifyFailedUpload('test.bin', 401, 'Unauthorized.');

  369. 

  370.                 return util.deleteFile('test.bin');

  371.             });

  372. 

  373.             it('SHOULD NOT accept a session request without file.upload scope', async () => {

  374.                 await util.insertInvite({code: 'code', scope: [], issuer: 'Mocha'});

  375.                 await util.registerUser({displayname: 'user', password: 'pass', invite: 'code'}, agent);

  376.                 await util.login({displayname: 'user', password: 'pass'}, agent);

  377. 

  378.                 await util.createTestFile(2048, 'test.bin');

  379. 

  380.                 await verifyFailedUpload('test.bin', 403, 'Forbidden.');

  381. 

  382.                 return Promise.all([

  383.                     util.logout(agent),

  384.                     util.deleteFile('test.bin')

  385.                 ]);

  386.             });

  387. 

  388.             it('SHOULD NOT accept a key request without file.upload scope', async () => {

  389.                 await Promise.all([

  390.                     util.createTestKey([]),

  391.                     util.createTestFile(2048, 'test.bin')

  392.                 ]);

  393. 

  394.                 await verifyFailedUpload('test.bin', 403, 'Forbidden.', 'key');

  395. 

  396.                 return util.deleteFile('test.bin');

  397.             })

  398.         });

  399. 

  400.         describe('3 Invalid File', () => {

  401.             before(() => util.createTestFile(config.get('Upload.maxSize') + 1024, 'large.bin'));

  402.             after(() => util.deleteFile('large.bin'));

  403. 

  404.             it('SHOULD NOT accept a too large file', async () => {

  405.                 await util.createTestSession(agent);

  406.                 await verifyFailedUpload('large.bin', 413, 'File too large.');

  407.                 return util.logout(agent);

  408.             });

  409.         });

  410. 

  411.         describe('4 Malformed Request', () => {

  412.             it('SHOULD NOT accept a request with no file attached', async () => {

  413.                 await util.createTestSession(agent);

  414.                 await verifyFailedUpload(null, 400, 'Bad request.');

  415. 

  416.                 return util.logout(agent);

  417.             });

  418. 

  419.             it('must only accept one file from a request with multiple files attached', async () => {

  420.                 await Promise.all([

  421.                     util.createTestFile(2048, 'test1.bin'),

  422.                     util.createTestFile(2048, 'test2.bin'),

  423.                     util.createTestSession(agent)

  424.                 ]);

  425. 

  426. 

  427.                 const fileCountBefore = await util.directoryFileCount(config.get('Upload.path'));

  428.                 const uploadCountBefore = await Upload.countDocuments({});

  429. 

  430.                 const res = await agent.post('/api/upload')

  431.                     .attach('file', 'test1.bin', 'test1.bin')

  432.                     .attach('file1', 'test2.bin', 'test2.bin');

  433. 

  434.                 util.verifyResponse(res, 200, 'File uploaded.');

  435. 

  436.                 const fileCountAfter = await util.directoryFileCount(config.get('Upload.path'));

  437.                 fileCountAfter.should.equal(fileCountBefore + 1, 'Only one file should be written to the disk');

  438. 

  439.                 const uploadCountAfter = await Upload.countDocuments({});

  440.                 uploadCountAfter.should.equal(uploadCountBefore + 1, 'Only one upload should be written to the database');

  441. 

  442.                 return Promise.all([

  443.                     util.deleteFile('test1.bin'),

  444.                     util.deleteFile('test2.bin')

  445.                 ]);

  446.             })

  447.         })

  448.     });

  449. });

  450. 

  451. describe('Viewing', () => {

  452.     async function verifyView(file, uid, disposition) {

  453.         const uploadViewsBefore = (await Upload.findOne({uid: uid})).views;

  454.         const viewsBefore = await View.countDocuments();

  455. 

  456.         const res = await util.view(uid, agent)

  457.             .parse(util.binaryFileParser);

  458. 

  459.         res.should.have.status(200);

  460.         res.should.have.header('content-disposition', disposition);

  461. 

  462.         const [uploadHash, downloadHash] = await Promise.all([

  463.             util.fileHash(file),

  464.             util.bufferHash(res.body)

  465.         ]);

  466.         downloadHash.should.equal(uploadHash, 'Uploaded file and downloaded hash should match');

  467. 

  468.         const viewsAfter = await View.countDocuments();

  469.         const uploadViewsAfter = (await Upload.findOne({uid: uid})).views;

  470.         uploadViewsAfter.should.equal(uploadViewsBefore + 1, 'The files views should be incremented.');

  471.         viewsAfter.should.equal(viewsBefore + 1, 'A view object should have been inserted to the database.');

  472.     }

  473. 

  474.     it('must return an uploaded binary file', async () => {

  475.         await Promise.all([

  476.             util.createTestSession(agent),

  477.             util.createTestFile(2048, 'test.bin')

  478.         ]);

  479.         const upload = await util.upload('test.bin', agent);

  480.         await verifyView('test.bin', upload.body.uid, 'attachment; filename="test.bin"');

  481.         return util.deleteFile('test.bin');

  482.     });

  483. 

  484.     it('must return an uploaded image file inline', async () => {

  485.         await Promise.all([

  486.             util.createTestSession(agent),

  487.             util.createTestFile(2048, 'test.jpg')

  488.         ]);

  489.         const upload = await util.upload('test.jpg', agent);

  490.         await verifyView('test.jpg', upload.body.uid, 'inline');

  491.         return util.deleteFile('test.jpg');

  492.     });

  493. 

  494.     it('must return an error when file not found', async () => {

  495.         const res = await util.view('abcdef', agent);

  496.         util.verifyResponse(res, 404, 'File not found.');

  497.     });

  498. });

  499. 

  500. describe('Invites', () => {

  501.     describe('/POST create', () => {

  502.         async function verifyCreatedInvite(invite) {

  503.             const res = await util.createInvite(invite, agent);

  504.             util.verifyResponse(res, 200, 'Invite created.');

  505.             res.body.should.have.property('code').match(/^[A-Fa-f0-9]+$/, 'The invite should be a hex string.');

  506. 

  507.             const dbInvite = await Invite.findOne({code: res.body.code});

  508.             dbInvite.should.not.equal(null);

  509.             dbInvite.scope.should.deep.equal(invite.scope, 'The created invites scope should match the request.');

  510.             dbInvite.issuer.should.equal('user');

  511.         }

  512. 

  513.         describe('0 Valid Request', () => {

  514.             it('SHOULD create an invite with valid scope from a valid session', async () => {

  515.                 await util.createSession(agent, ['invite.create', 'file.upload']);

  516.                 return verifyCreatedInvite({scope: ['file.upload']});

  517.             });

  518.         });

  519. 

  520.         describe('1 Invalid Scope', () => {

  521.             it('SHOULD NOT create in invite without invite.create scope', async () => {

  522.                 await util.createSession(agent, ['file.upload']);

  523.                 const res = await util.createInvite({scope: ['file.upload']}, agent);

  524.                 util.verifyResponse(res, 403, 'Forbidden.');

  525.             });

  526. 

  527.             it('SHOULD NOT create an invite with a scope exceeding the requesters', async () => {

  528.                 await util.createSession(agent, ['invite.create', 'file.upload']);

  529.                 const res = await util.createInvite({scope: ['user.ban']}, agent);

  530.                 util.verifyResponse(res, 403, 'Requested scope exceeds own scope.');

  531.             });

  532.         });

  533.     });

  534. 

  535.     describe('/POST delete', () => {

  536.         async function verifyDeletedInvite(code) {

  537.             const res = await util.deleteInvite(code, agent);

  538.             util.verifyResponse(res, 200, 'Invite deleted.');

  539. 

  540.             const inviteCount = await Invite.countDocuments({code: code});

  541.             inviteCount.should.equal(0, 'The invite should be removed from the database.');

  542.         }

  543. 

  544.         describe('0 Valid Request', () => {

  545.             it('SHOULD delete an invite with valid permission from a valid session', async () => {

  546.                 await util.createSession(agent, ['invite.create', 'invite.delete', 'file.upload']);

  547.                 const res = await util.createInvite({scope: ['file.upload']}, agent);

  548.                 return verifyDeletedInvite(res.body.code);

  549.             });

  550. 

  551.             it('SHOULD delete another users invite with invite.delete.others scope', async () => {

  552.                 await util.createSession(agent, ['invite.create', 'file.upload'], 'alice');

  553.                 const invite = await util.createInvite({scope: ['file.upload']}, agent);

  554.                 await util.logout(agent);

  555. 

  556.                 await util.createSession(agent, ['invite.create', 'invite.delete', 'invite.delete.others'], 'eve');

  557.                 return verifyDeletedInvite(invite.body.code);

  558.             });

  559. 

  560.             it('SHOULD delete a usedinvite with invite.delete.used scope', async () => {

  561.                 await util.createSession(agent, ['invite.create', 'invite.delete', 'invite.delete.used', 'file.upload'], 'alice');

  562.                 const invite = await util.createInvite({scope: ['file.upload']}, agent);

  563.                 await util.registerUser({displayname: 'bob', password: 'hunter2', invite: invite.body.code}, agent);

  564. 

  565.                 return verifyDeletedInvite(invite.body.code);

  566.             });

  567.         });

  568. 

  569.         describe('1 Invalid Scope', () => {

  570.             it('SHOULD NOT delete an invite without invite.delete scope', async () => {

  571.                 await util.createSession(agent, ['invite.create', 'file.upload']);

  572.                 const invite = await util.createInvite({scope: ['file.upload']}, agent);

  573.                 const res = await util.deleteInvite(invite.body.code, agent);

  574.                 util.verifyResponse(res, 403, 'Forbidden.');

  575.             });

  576. 

  577.             it('SHOULD NOT delete another users invite without invite.delete.others scope', async () => {

  578.                 await util.createSession(agent, ['invite.create', 'file.upload'], 'alice');

  579.                 const invite = await util.createInvite({scope: ['file.upload']}, agent);

  580.                 await util.logout(agent);

  581. 

  582.                 await util.createSession(agent, ['invite.create', 'invite.delete'], 'eve');

  583.                 const res = await util.deleteInvite(invite.body.code, agent);

  584.                 util.verifyResponse(res, 422, 'Invite not found.');

  585.             });

  586. 

  587.             it('SHOULD NOT delete a used invite without invite.delete.used scope', async () => {

  588.                 await util.createSession(agent, ['invite.create', 'invite.delete', 'file.upload'], 'alice');

  589.                 const invite = await util.createInvite({scope: ['file.upload']}, agent);

  590. 

  591.                 await util.registerUser({displayname: 'bob', password: 'hunter2', invite: invite.body.code}, agent);

  592. 

  593.                 const res = await util.deleteInvite(invite.body.code, agent);

  594.                 util.verifyResponse(res, 403, 'Forbidden to delete used invites.');

  595.             });

  596.         });

  597. 

  598.         describe('2 Invalid Code', () => {

  599.             it('SHOULD return an error when the invite is not found', async () => {

  600.                 await util.createSession(agent, ['invite.delete']);

  601.                 const res = await util.deleteInvite('bogus', agent);

  602.                 util.verifyResponse(res, 422, 'Invite not found.');

  603.             });

  604.         });

  605.     });

  606. 

  607.     describe('/POST get', () => {

  608.         async function verifyInviteSearch(codes) {

  609.             const res = await util.getInvites({}, agent);

  610.             res.should.have.status(200);

  611.             res.body.should.be.a('Array');

  612. 

  613.             codes.sort();

  614.             const resCodes = res.body.map(invite => invite.code).sort();

  615. 

  616.             resCodes.should.deep.equal(codes, 'All invites should be present in result.');

  617.         }

  618. 

  619.         async function verifySingleSearch(code) {

  620.             const res = await util.getInvites({code: code}, agent);

  621.             res.should.have.status(200);

  622.             res.body.should.be.a('Array');

  623.             res.body.should.have.length(1, 'Only one invite should be in the array');

  624.             res.body[0].code.should.equal(code, 'The found invite should match the request code');

  625.         }

  626. 

  627.         describe('0 Valid Request', () => {

  628.             it('SHOULD get multiple invites from a valid session', async () => {

  629.                 await util.createSession(agent, ['invite.create', 'invite.get', 'file.upload']);

  630.                 const inv1 = await util.createInvite({scope: ['file.upload']}, agent);

  631.                 const inv2 = await util.createInvite({scope: ['invite.create']}, agent);

  632. 

  633.                 return verifyInviteSearch([inv1.body.code, inv2.body.code]);

  634.             });

  635. 

  636.             it('SHOULD get a single invite from a valid session', async () => {

  637.                 await util.createSession(agent, ['invite.create', 'invite.get', 'file.upload']);

  638.                 const inv = await util.createInvite({scope: ['file.upload']}, agent);

  639. 

  640.                 return verifySingleSearch(inv.body.code);

  641.             });

  642. 

  643.             it('SHOULD get another users invite with invite.get.others scope', async () => {

  644.                 await util.createSession(agent, ['invite.create', 'file.upload'], 'alice');

  645.                 const inv = await util.createInvite({scope: ['file.upload']}, agent);

  646.                 await util.logout(agent);

  647. 

  648.                 await util.createSession(agent, ['invite.get', 'invite.get.others'], 'eve');

  649.                 return verifySingleSearch(inv.body.code);

  650.             });

  651.         });

  652. 

  653.         describe('1 Invalid Scope', () => {

  654.             it('SHOULD NOT get invites without invite.get scope', async () => {

  655.                 await util.createSession(agent, ['invite.create', 'file.upload']);

  656.                 const res = await util.getInvites({code: 'bogus'}, agent);

  657.                 util.verifyResponse(res, 403, 'Forbidden.');

  658.             });

  659. 

  660.             it('SHOULD NOT get another users invite without invite.get.others scope', async () => {

  661.                 await util.createSession(agent, ['invite.create', 'file.upload'], 'alice');

  662.                 const invite = await util.createInvite({scope: ['file.upload']}, agent);

  663.                 await util.logout(agent);

  664. 

  665.                 await util.createSession(agent, ['invite.get'], 'eve');

  666.                 const res = await util.getInvites({code: invite.body.code}, agent);

  667.                 res.should.have.status(200);

  668.                 res.body.should.be.a('Array');

  669.                 res.body.should.have.length(0, 'No invites should be found.');

  670.             });

  671.         });

  672.     });

  673. });

  674. 

  675. describe('Keys', () => {

  676.     describe('/POST create', () => {

  677.         async function verifyCreatedKey(key) {

  678.             const res = await util.createKey(key, agent);

  679.             util.verifyResponse(res, 200, 'Key created.');

  680.             res.body.should.have.property('key').match(/^[A-Fa-f0-9]+$/, 'The key should be a hex string');

  681. 

  682.             const dbKey = await Key.findOne({key: res.body.key});

  683.             dbKey.should.not.equal(null);

  684.             dbKey.scope.should.deep.equal(key.scope, 'The created keys scope should match the request.');

  685.             dbKey.issuer.should.equal('user');

  686.         }

  687. 

  688.         describe('0 Valid Request', () => {

  689.             it('SHOULD create a key with valid scope from a valid session', async () => {

  690.                 await util.createSession(agent, ['key.create', 'file.upload']);

  691.                 return verifyCreatedKey({identifier: 'key', scope: ['file.upload']});

  692.             });

  693.         });

  694. 

  695.         describe('1 Invalid Scope', () => {

  696.             it('SHOULD NOT create a key without key.create scope', async () => {

  697.                 await util.createSession(agent, ['file.upload']);

  698.                 const res = await util.createKey({identifier: 'key', scope: ['file.upload']}, agent);

  699.                 util.verifyResponse(res, 403, 'Forbidden.');

  700.             });

  701. 

  702.             it('SHOULD NOT create a key with scope exceeding the requesters', async () => {

  703.                 await util.createSession(agent, ['key.create']);

  704.                 const res = await util.createKey({identifier: 'key', scope: ['file.upload']}, agent);

  705.                 util.verifyResponse(res, 403, 'Requested scope exceeds own scope.');

  706.             });

  707.         });

  708. 

  709.         describe('2 Key Limit', () => {

  710.             it('must not create additional keys beyond the limit', async () => {

  711.                 await util.createSession(agent, ['key.create', 'file.upload']);

  712.                 const limit = config.get('Key.limit');

  713. 

  714.                 // Create keys upto the limit (key0, key1, key2, ...)

  715.                 await Promise.all(

  716.                     [...Array(limit)]

  717.                         .map(idx => util.createKey({identifier: 'key' + idx, scope: ['file.upload']}, agent)));

  718. 

  719.                 const res = await util.createKey({identifier: 'toomany', scope: ['file.upload']}, agent);

  720.                 util.verifyResponse(res, 403, 'Key limit reached.');

  721.             });

  722.         });

  723.     });

  724. 

  725.     describe('/POST delete', () => {

  726.         async function verifyDeletedKey(key) {

  727.             const res = await util.deleteKey(key, agent);

  728.             util.verifyResponse(res, 200, 'Key deleted.');

  729. 

  730.             const keyCount = await Key.countDocuments({key: key});

  731.             keyCount.should.equal(0, 'The key should be removed from the database.');

  732.         }

  733. 

  734. 

  735.         describe('0 Valid Request', () => {

  736.             it('SHOULD delete a key with valid scope from a valid session', async () => {

  737.                 await util.createSession(agent, ['key.create', 'key.delete', 'file.upload']);

  738.                 const key = await util.createKey({identifier: 'key', scope: ['file.upload']}, agent);

  739.                 return verifyDeletedKey(key.body.key);

  740.             });

  741. 

  742.             it('SHOULD delete another users key with key.delete.others scope', async () => {

  743.                 await util.createSession(agent, ['key.create', 'file.upload'], 'alice');

  744.                 const key = await util.createKey({identifier: 'key', scope: ['file.upload']}, agent);

  745.                 await util.logout(agent);

  746.                 await util.createSession(agent, ['key.delete', 'key.delete.others'], 'eve');

  747.                 return verifyDeletedKey(key.body.key);

  748.             });

  749.         });

  750. 

  751.         describe('1 Invalid Scope', () => {

  752.             it('SHOULD NOT delete another users key without key.delete.others scope', async () => {

  753.                 await util.createSession(agent, ['key.create', 'file.upload'], 'bob');

  754.                 const key = await util.createKey({identifier: 'key', scope: ['file.upload']}, agent);

  755.                 await util.logout(agent);

  756.                 await util.createSession(agent, ['key.delete'], 'eve');

  757.                 const res = await util.deleteKey(key.body.key, agent);

  758.                 util.verifyResponse(res, 422, 'Key not found.');

  759.             });

  760.         });

  761. 

  762.         describe('2 Invalid Key', () => {

  763.             it('SHOULD return an error when the key was not found', async () => {

  764.                 await util.createSession(agent, ['key.delete']);

  765.                 const res = await util.deleteKey('bogus', agent);

  766.                 util.verifyResponse(res, 422, 'Key not found.');

  767.             });

  768.         });

  769.     });

  770. 

  771.     describe('/POST get', () => {

  772.         async function verifyKeySearch(keys, query = {}) {

  773.             const res = await util.getKeys(query, agent);

  774.             res.should.have.status(200);

  775.             res.body.should.be.a('Array');

  776. 

  777.             keys.sort();

  778.             const resKeys = res.body.map(key => key.key).sort();

  779. 

  780.             resKeys.should.deep.equal(keys, 'All keys should be present in the result.');

  781.         }

  782. 

  783.         async function verifySingleSearch(key, query = {}) {

  784.             const res = await util.getKeys(query, agent);

  785.             res.should.have.status(200);

  786.             res.body.should.be.a('Array');

  787.             res.body.should.have.length(1, 'Only one key should be in the array');

  788.             res.body[0].key.should.equal(key, 'The found key should match the request code');

  789.         }

  790. 

  791.         describe('0 Valid Request', () => {

  792.             it('SHOULD get multiple keys from a valid session', async () => {

  793.                 await util.createSession(agent, ['key.create', 'key.get', 'file.upload']);

  794.                 const keys = await Promise.all([

  795.                     util.createKey({identifier: 'key1', scope: ['file.upload']}, agent),

  796.                     util.createKey({identifier: 'key2', scope: ['file.upload']}, agent)

  797.                 ]);

  798.                 return verifyKeySearch(keys.map(res => res.body.key));

  799.             });

  800. 

  801.             it('SHOULD get a key by identifier from a valid session', async () => {

  802.                 await util.createSession(agent, ['key.create', 'key.get', 'file.upload']);

  803.                 const keys = await Promise.all([

  804.                     util.createKey({identifier: 'key1', scope: ['file.upload']}, agent),

  805.                     util.createKey({identifier: 'key2', scope: ['file.upload']}, agent)

  806.                 ]);

  807.                 return verifySingleSearch(keys[1].body.key, {identifier: 'key2'});

  808.             });

  809. 

  810.             it('SHOULD get another users key with key.get.others scope', async () => {

  811.                 await util.createSession(agent, ['key.create', 'file.upload'], 'bob');

  812.                 const key1 = await util.createKey({identifier: 'key', scope: ['file.upload']}, agent);

  813.                 await util.logout(agent);

  814.                 await util.createSession(agent, ['key.create', 'key.get', 'key.get.others', 'file.upload']);

  815.                 const key2 = await util.createKey({identifier: 'key', scope: ['file.upload']}, agent);

  816.                 return verifyKeySearch([key1.body.key, key2.body.key]);

  817.             });

  818.         });

  819. 

  820.         describe('1 Invalid Scope', () => {

  821.             it('SHOULD NOT get another users key without key.get.others scope', async () => {

  822.                 await util.createSession(agent, ['key.create', 'file.upload'], 'alice');

  823.                 await util.createInvite({identifier: 'private_key', scope: ['file.upload']}, agent);

  824.                 await util.logout(agent);

  825. 

  826.                 await util.createSession(agent, ['key.get'], 'eve');

  827.                 const res = await util.getKeys({identifier: 'private_key'}, agent);

  828.                 res.should.have.status(200);

  829.                 res.body.should.be.a('Array');

  830.                 res.body.should.have.length(0, 'No invites should be found.');

  831.             });

  832.         });

  833.     });

  834. });

  835. 

  836. describe('Users', () => {

  837.     describe('/GET get', () => {

  838.         beforeEach(() => Promise.all([

  839.             Promise.all([

  840.                 util.insertInvite({code: 'test1', scope: ['file.upload'], issuer: 'Mocha'}),

  841.                 util.insertInvite({code: 'test2', scope: ['file.upload'], issuer: 'Mocha'})

  842.             ]),

  843.             Promise.all([

  844.                 util.registerUser({displayname: 'user1', password: 'pass', invite: 'test1'}, agent),

  845.                 util.registerUser({displayname: 'user2', password: 'pass', invite: 'test2'}, agent)

  846.             ])

  847.         ]));

  848. 

  849.         async function verifyGetUsers(res, users) {

  850.             res.should.have.status(200);

  851.             res.body.should.be.a('Array');

  852.             res.body.map(user => user.username).sort().should.deep.equal(users.sort());

  853.         }

  854. 

  855.         describe('0 Valid Request', () => {

  856.             it('must get all users with an empty query', async () => {

  857.                 await util.createSession(agent, ['user.get'], 'admin');

  858.                 const res = await util.getUsers({}, agent);

  859.                 return verifyGetUsers(res, ['user1', 'user2', 'admin']);

  860.             });

  861. 

  862.             it('must filter users by username', async () => {

  863.                 await util.createSession(agent, ['user.get'], 'admin');

  864.                 const res = await util.getUsers({username: 'user1'}, agent);

  865.                 return verifyGetUsers(res, ['user1']);

  866.             });

  867. 

  868.             it('must filter users by displayname', async () => {

  869.                 await util.createSession(agent, ['user.get'], 'admin');

  870.                 const res = await util.getUsers({displayname: 'user1'}, agent);

  871.                 return verifyGetUsers(res, ['user1']);

  872.             });

  873. 

  874.             it('must return an empty array when no users were found', async () => {

  875.                 await util.createSession(agent, ['user.get'], 'admin');

  876.                 const res = await util.getUsers({username: 'abc'}, agent);

  877.                 return verifyGetUsers(res, []);

  878.             });

  879.         });

  880.     });

  881. 

  882.     describe('/POST ban/unban', () => {

  883.         beforeEach(async () => {

  884.             await util.insertInvite({code: 'test1', scope: ['file.upload'], issuer: 'Mocha'});

  885.             await util.registerUser({displayname: 'user', password: 'pass', invite: 'test1'}, agent);

  886.         });

  887. 

  888.         async function verifyBanned(res, statusCode, message, username, banStatus) {

  889.             util.verifyResponse(res, statusCode, message);

  890.             const user = await User.findOne({username: username});

  891.             user.should.exist;

  892.             user.should.have.property('banned').equal(banStatus, 'The user should have banned status ' + banStatus);

  893.         }

  894. 

  895.         describe('0 Valid Request', () => {

  896.             it('must ban a not banned user', async () => {

  897.                 await util.createSession(agent, ['user.ban'], 'admin');

  898.                 const res = await util.ban('user', agent);

  899.                 return verifyBanned(res, 200, 'User banned.', 'user', true);

  900.             });

  901. 

  902.             it('must unban a banned user', async () => {

  903.                 await util.setBanned('user', true);

  904.                 await util.createSession(agent, ['user.unban'], 'admin');

  905.                 const res = await util.unban('user', agent);

  906.                 return verifyBanned(res, 200, 'User unbanned.', 'user', false);

  907.             });

  908.         });

  909. 

  910.         describe('1 Already Requested Ban Status', () => {

  911.             it('must not ban an already banned user', async () => {

  912.                 await util.setBanned('user', true);

  913.                 await util.createSession(agent, ['user.ban'], 'admin');

  914.                 const res = await util.ban('user', agent);

  915.                 return verifyBanned(res, 422, 'User already banned.', 'user', true);

  916.             });

  917. 

  918.             it('must not unban a not banned user', async () => {

  919.                 await util.createSession(agent, ['user.unban'], 'admin');

  920.                 const res = await util.unban('user', agent);

  921.                 return verifyBanned(res, 422, 'User not banned.', 'user', false);

  922.             });

  923.         });

  924. 

  925.         describe('2 Not Found', () => {

  926.             it('must not ban a nonexistant user', async () => {

  927.                 await util.createSession(agent, ['user.ban'], 'admin');

  928.                 const res = await util.ban('abc', agent);

  929.                 util.verifyResponse(res, 422, 'User not found.');

  930.             });

  931. 

  932.             it('must not unban a nonexistant user', async () => {

  933.                 await util.createSession(agent, ['user.unban'], 'admin');

  934.                 const res = await util.unban('abc', agent);

  935.                 util.verifyResponse(res, 422, 'User not found.');

  936.             });

  937.         });

  938.     });

  939. });

  940. 

  941. describe('Stats', () => {

  942.     describe('/GET uploads', () => {

  943.         describe('0 Valid Request', () => {

  944.             const currentDate = new Date();

  945.             const oneDay = 1000 * 60 * 60 * 24;

  946. 

  947.             it('must return valid upload stats', async () => {

  948.                 await Promise.all([

  949.                     util.insertUpload({

  950.                         uid: 'uvwxyz',

  951.                         uploader: 'user',

  952.                         date: new Date(currentDate - 3 * oneDay),

  953.                         file: {

  954.                             originalName: 'lol.png',

  955.                             size: 1,

  956.                             mime: 'image/png'

  957.                         }

  958.                     }), util.insertUpload({

  959.                         uid: 'abcdef',

  960.                         uploader: 'user',

  961.                         date: new Date(currentDate - 3 * oneDay),

  962.                         file: {

  963.                             originalName: 'lol.png',

  964.                             size: 1,

  965.                             mime: 'image/png'

  966.                         }

  967.                     })

  968.                 ]);

  969. 

  970.                 await util.createSession(agent, ['stats.get'], 'user');

  971. 

  972.                 const res = await util.getStatsUploads({}, agent);

  973.                 res.should.have.status(200);

  974. 

  975.                 const stats = res.body;

  976.                 stats.should.be.a('Array');

  977.                 stats.should.have.length(2, 'There should be exactly two uploads returned');

  978. 

  979.                 const stat = stats[0];

  980.                 stat.should.have.property('date');

  981.                 stat.should.have.property('uid');

  982.                 stat.should.have.property('key');

  983.                 stat.should.have.property('originalName');

  984.                 stat.should.have.property('size');

  985.                 stat.should.have.property('mime');

  986. 

  987.                 return util.logout(agent);

  988.             });

  989. 

  990.             it('must return an empty set when there are no stats', async () => {

  991.                 await util.createSession(agent, ['stats.get'], 'user');

  992. 

  993.                 const res = await util.getStatsUploads({}, agent);

  994.                 res.should.have.status(200);

  995. 

  996.                 const stats = res.body;

  997.                 stats.should.be.a('Array');

  998.                 stats.should.have.length(0, 'No uploads should be returned');

  999.             });

  1000. 

  1001.             it('must constrain results by date', async () => {

  1002.                 await Promise.all([

  1003.                     util.insertUpload({

  1004.                         uid: 'uvwxyz',

  1005.                         uploader: 'user',

  1006.                         date: new Date(currentDate - 8 * oneDay),

  1007.                         file: {

  1008.                             originalName: 'lol.png',

  1009.                             size: 1,

  1010.                             mime: 'image/png'

  1011.                         }

  1012.                     }), util.insertUpload({

  1013.                         uid: 'lmnopq',

  1014.                         uploader: 'user',

  1015.                         date: new Date(currentDate - 6 * oneDay),

  1016.                         file: {

  1017.                             originalName: 'lol.png',

  1018.                             size: 1,

  1019.                             mime: 'image/png'

  1020.                         }

  1021.                     }), util.insertUpload({

  1022.                         uid: 'abcdef',

  1023.                         uploader: 'user',

  1024.                         date: new Date(currentDate - 4 * oneDay),

  1025.                         file: {

  1026.                             originalName: 'lol.png',

  1027.                             size: 1,

  1028.                             mime: 'image/png'

  1029.                         }

  1030.                     })

  1031.                 ]);

  1032. 

  1033.                 await util.createSession(agent, ['stats.get'], 'user');

  1034. 

  1035.                 const res = await util.getStatsUploads({

  1036.                     before: new Date(currentDate - 5 * oneDay),

  1037.                     after: new Date(currentDate - 7 * oneDay)

  1038.                 }, agent);

  1039.                 res.should.have.status(200);

  1040. 

  1041.                 const stats = res.body;

  1042.                 stats.should.be.a('Array');

  1043.                 stats.should.have.length(1, 'There should be exactly one upload returned');

  1044. 

  1045.                 return util.logout(agent);

  1046.             });

  1047. 

  1048.             it('must limit results', async () => {

  1049.                 await Promise.all([

  1050.                     util.insertUpload({

  1051.                         uid: 'uvwxyz',

  1052.                         uploader: 'user',

  1053.                         date: new Date(currentDate - 3 * oneDay),

  1054.                         file: {

  1055.                             originalName: 'lol.png',

  1056.                             size: 1,

  1057.                             mime: 'image/png'

  1058.                         }

  1059.                     }), util.insertUpload({

  1060.                         uid: 'abcdef',

  1061.                         uploader: 'user',

  1062.                         date: new Date(currentDate - 3 * oneDay),

  1063.                         file: {

  1064.                             originalName: 'lol.png',

  1065.                             size: 1,

  1066.                             mime: 'image/png'

  1067.                         }

  1068.                     })

  1069.                 ]);

  1070. 

  1071.                 await util.createSession(agent, ['stats.get'], 'user');

  1072. 

  1073.                 const res = await util.getStatsUploads({limit: 1}, agent);

  1074.                 res.should.have.status(200);

  1075. 

  1076.                 const stats = res.body;

  1077.                 stats.should.be.a('Array');

  1078.                 stats.should.have.length(1, 'There should be exactly one upload returned');

  1079. 

  1080.                 return util.logout(agent);

  1081.             });

  1082.         });

  1083.     });

  1084. 

  1085.     describe('/GET views', () => {

  1086.         describe('0 Valid Request', () => {

  1087.             const currentDate = new Date();

  1088.             const oneDay = 1000 * 60 * 60 * 24;

  1089. 

  1090.             it('must return valid view stats', async () => {

  1091.                 await Promise.all([

  1092.                     util.insertView({

  1093.                         uid: 'abcdef',

  1094.                         uploader: 'user',

  1095.                         remoteAddress: '::1',

  1096.                         userAgent: 'fiyerfocks',

  1097.                         date: new Date(currentDate - 3 * oneDay),

  1098.                     }), util.insertView({

  1099.                         uid: 'uvwxyz',

  1100.                         uploader: 'user',

  1101.                         remoteAddress: '::1',

  1102.                         userAgent: 'fiyerfocks',

  1103.                         date: new Date(currentDate - 3 * oneDay),

  1104.                     })

  1105.                 ]);

  1106. 

  1107.                 await util.createSession(agent, ['stats.get'], 'user');

  1108. 

  1109.                 const res = await util.getStatsViews({}, agent);

  1110.                 res.should.have.status(200);

  1111. 

  1112.                 const stats = res.body;

  1113.                 stats.should.be.a('Array');

  1114.                 stats.should.have.length(2, 'There should be exactly two views returned');

  1115. 

  1116.                 const stat = stats[0];

  1117.                 stat.should.have.property('date');

  1118.                 stat.should.have.property('uid');

  1119.                 stat.should.not.have.property('remoteAddress');

  1120.                 stat.should.not.have.property('userAgent');

  1121. 

  1122.                 return util.logout(agent);

  1123.             });

  1124. 

  1125.             it('must return an empty set when there are no stats', async () => {

  1126.                 await util.createSession(agent, ['stats.get'], 'user');

  1127. 

  1128.                 const res = await util.getStatsViews({}, agent);

  1129.                 res.should.have.status(200);

  1130. 

  1131.                 const stats = res.body;

  1132.                 stats.should.be.a('Array');

  1133.                 stats.should.have.length(0, 'No views should be returned');

  1134.             });

  1135. 

  1136.             it('must constrain results by date', async () => {

  1137.                 await Promise.all([

  1138.                     util.insertView({

  1139.                         uid: 'abcdef',

  1140.                         uploader: 'user',

  1141.                         remoteAddress: '::1',

  1142.                         userAgent: 'fiyerfocks',

  1143.                         date: new Date(currentDate - 8 * oneDay),

  1144.                     }), util.insertView({

  1145.                         uid: 'uvwxyz',

  1146.                         uploader: 'user',

  1147.                         remoteAddress: '::1',

  1148.                         userAgent: 'fiyerfocks',

  1149.                         date: new Date(currentDate - 6 * oneDay),

  1150.                     }), util.insertView({

  1151.                         uid: 'lmnopq',

  1152.                         uploader: 'user',

  1153.                         remoteAddress: '::1',

  1154.                         userAgent: 'fiyerfocks',

  1155.                         date: new Date(currentDate - 4 * oneDay),

  1156.                     })

  1157.                 ]);

  1158. 

  1159.                 await util.createSession(agent, ['stats.get'], 'user');

  1160. 

  1161.                 const res = await util.getStatsViews({

  1162.                     before: new Date(currentDate - 5 * oneDay),

  1163.                     after: new Date(currentDate - 7 * oneDay)

  1164.                 }, agent);

  1165.                 res.should.have.status(200);

  1166. 

  1167.                 const stats = res.body;

  1168.                 stats.should.be.a('Array');

  1169.                 stats.should.have.length(1, 'There should be exactly one view returned');

  1170. 

  1171.                 return util.logout(agent);

  1172.             });

  1173. 

  1174.             it('must limit results', async () => {

  1175.                 await Promise.all([

  1176.                     util.insertView({

  1177.                         uid: 'abcdef',

  1178.                         uploader: 'user',

  1179.                         remoteAddress: '::1',

  1180.                         userAgent: 'fiyerfocks',

  1181.                         date: new Date(currentDate - 3 * oneDay),

  1182.                     }), util.insertView({

  1183.                         uid: 'uvwxyz',

  1184.                         uploader: 'user',

  1185.                         remoteAddress: '::1',

  1186.                         userAgent: 'fiyerfocks',

  1187.                         date: new Date(currentDate - 3 * oneDay),

  1188.                     })

  1189.                 ]);

  1190. 

  1191.                 await util.createSession(agent, ['stats.get'], 'user');

  1192. 

  1193.                 const res = await util.getStatsViews({limit: 1}, agent);

  1194.                 res.should.have.status(200);

  1195. 

  1196.                 const stats = res.body;

  1197.                 stats.should.be.a('Array');

  1198.                 stats.should.have.length(1, 'There should be exactly one view returned');

  1199. 

  1200.                 return util.logout(agent);

  1201.             });

  1202.         });

  1203.     });

  1204. });

  1205. 

  1206. after(() => server.close(() => process.exit(0)));