Improve: Add more API tests

tests/data/api-data.js

@@ -41,6 +41,10 @@ export function api(path) {
 	return prefix + path;
 }
 
+export function methodCall(methodName) {
+	return api(`method.call/${ methodName }`);
+}
+
 export function log(res) {
 	console.log(res.req.path);
 	console.log({

tests/end-to-end/api/00-miscellaneous.js

@@ -3,6 +3,7 @@ import { expect } from 'chai';
 import { getCredentials, api, login, request, credentials } from '../../data/api-data.js';
 import { adminEmail, adminUsername, adminPassword, password } from '../../data/user.js';
 import { createUser, login as doLogin } from '../../data/users.helper';
+import { updateSetting } from '../../data/permissions.helper';
 
 describe('miscellaneous', function() {
 	this.retries(0);
@@ -504,4 +505,34 @@ describe('miscellaneous', function() {
 				.end(done);
 		});
 	});
+
+	describe('[/shield.svg]', () => {
+		it('should fail if API_Enable_Shields is disabled', (done) => {
+			updateSetting('API_Enable_Shields', false).then(() => {
+				request.get(api('shield.svg'))
+					.expect('Content-Type', 'application/json')
+					.expect(400)
+					.expect((res) => {
+						expect(res.body).to.have.property('success', false);
+						expect(res.body).to.have.property('errorType', 'error-endpoint-disabled');
+					})
+					.end(done);
+			});
+		});
+
+		it('should succeed if API_Enable_Shields is enabled', (done) => {
+			updateSetting('API_Enable_Shields', true).then(() => {
+				request.get(api('shield.svg'))
+					.query({
+						type: 'online',
+						icon: true,
+						channel: 'general',
+						name: 'Rocket.Chat',
+					})
+					.expect('Content-Type', 'image/svg+xml;charset=utf-8')
+					.expect(200)
+					.end(done);
+			});
+		});
+	});
 });

tests/end-to-end/api/01-users.js

@@ -602,6 +602,126 @@ describe('[Users]', function() {
 		});
 	});
 
+	describe('[/users.resetAvatar]', () => {
+		let user;
+		before(async () => {
+			user = await createUser();
+		});
+
+		let userCredentials;
+		before(async () => {
+			userCredentials = await login(user.username, password);
+		});
+		before((done) => {
+			updatePermission('edit-other-user-info', ['admin', 'user']).then(done);
+		});
+		after(async () => {
+			await deleteUser(user);
+			user = undefined;
+			await updatePermission('edit-other-user-info', ['admin']);
+		});
+		it('should set the avatar of the logged user by a local image', (done) => {
+			request.post(api('users.setAvatar'))
+				.set(userCredentials)
+				.attach('image', imgURL)
+				.expect('Content-Type', 'application/json')
+				.expect(200)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', true);
+				})
+				.end(done);
+		});
+		it('should reset the avatar of the logged user', (done) => {
+			request.post(api('users.resetAvatar'))
+				.set(userCredentials)
+				.expect('Content-Type', 'application/json')
+				.send({
+					userId: userCredentials['X-User-Id'],
+				})
+				.expect(200)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', true);
+				})
+				.end(done);
+		});
+		it('should reset the avatar of another user by userId when the logged user has the necessary permission (edit-other-user-info)', (done) => {
+			request.post(api('users.resetAvatar'))
+				.set(userCredentials)
+				.send({
+					userId: credentials['X-User-Id'],
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(200)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', true);
+				})
+				.end(done);
+		});
+		it('should reset the avatar of another user by username and local image when the logged user has the necessary permission (edit-other-user-info)', (done) => {
+			request.post(api('users.resetAvatar'))
+				.set(credentials)
+				.send({
+					username: adminUsername,
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(200)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', true);
+				})
+				.end(done);
+		});
+		it.skip('should prevent from resetting someone else\'s avatar when the logged user has not the necessary permission(edit-other-user-info)', (done) => {
+			updatePermission('edit-other-user-info', []).then(() => {
+				request.post(api('users.resetAvatar'))
+					.set(userCredentials)
+					.send({
+						userId: credentials['X-User-Id'],
+					})
+					.expect('Content-Type', 'application/json')
+					.expect(400)
+					.expect((res) => {
+						expect(res.body).to.have.property('success', false);
+					})
+					.end(done);
+			});
+		});
+	});
+
+	describe('[/users.getAvatar]', () => {
+		let user;
+		before(async () => {
+			user = await createUser();
+		});
+
+		let userCredentials;
+		before(async () => {
+			userCredentials = await login(user.username, password);
+		});
+		after(async () => {
+			await deleteUser(user);
+			user = undefined;
+			await updatePermission('edit-other-user-info', ['admin']);
+		});
+		it('should get the url of the avatar of the logged user via userId', (done) => {
+			request.get(api('users.getAvatar'))
+				.set(userCredentials)
+				.query({
+					userId: userCredentials['X-User-Id'],
+				})
+				.expect(307)
+				.end(done);
+		});
+		it('should get the url of the avatar of the logged user via username', (done) => {
+			request.get(api('users.getAvatar'))
+				.set(userCredentials)
+				.query({
+					username: user.username,
+				})
+				.expect(307)
+				.end(done);
+		});
+	});
+
 	describe('[/users.update]', () => {
 		before((done) => {
 			updateSetting('Accounts_AllowUserProfileChange', true)
@@ -2287,6 +2407,133 @@ describe('[Users]', function() {
 		});
 	});
 
+	describe('[/users.deactivateIdle]', () => {
+		let testUser;
+		let testUserCredentials;
+		const testRoleName = `role.test.${ Date.now() }`;
+
+		before('Create a new role with Users scope', (done) => {
+			request.post(api('roles.create'))
+				.set(credentials)
+				.send({
+					name: testRoleName,
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(200)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', true);
+				})
+				.end(done);
+		});
+		before('Create test user', (done) => {
+			const username = `user.test.${ Date.now() }`;
+			const email = `${ username }@rocket.chat`;
+			request.post(api('users.create'))
+				.set(credentials)
+				.send({ email, name: username, username, password })
+				.end((err, res) => {
+					testUser = res.body.user;
+					done();
+				});
+		});
+		before('Assign a role to test user', (done) => {
+			request.post(api('roles.addUserToRole'))
+				.set(credentials)
+				.send({
+					roleName: testRoleName,
+					username: testUser.username,
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(200)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', true);
+				})
+				.end(done);
+		});
+		before('Login as test user', (done) => {
+			request.post(api('login'))
+				.send({
+					user: testUser.username,
+					password,
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(200)
+				.expect((res) => {
+					testUserCredentials = {};
+					testUserCredentials['X-Auth-Token'] = res.body.data.authToken;
+					testUserCredentials['X-User-Id'] = res.body.data.userId;
+				})
+				.end(done);
+		});
+
+		it('should fail to deactivate if user doesnt have edit-other-user-active-status permission', (done) => {
+			updatePermission('edit-other-user-active-status', []).then(() => {
+				request.post(api('users.deactivateIdle'))
+					.set(credentials)
+					.send({
+						daysIdle: 0,
+					})
+					.expect('Content-Type', 'application/json')
+					.expect(403)
+					.expect((res) => {
+						expect(res.body).to.have.property('success', false);
+						expect(res.body).to.have.property('error', 'unauthorized');
+					})
+					.end(done);
+			});
+		});
+		it('should deactivate no users when no users in time range', (done) => {
+			updatePermission('edit-other-user-active-status', ['admin']).then(() => {
+				request.post(api('users.deactivateIdle'))
+					.set(credentials)
+					.send({
+						daysIdle: 999999,
+					})
+					.expect('Content-Type', 'application/json')
+					.expect(200)
+					.expect((res) => {
+						expect(res.body).to.have.property('success', true);
+						expect(res.body).to.have.property('count', 0);
+					})
+					.end(done);
+			});
+		});
+		it('should deactivate the test user when given its role and daysIdle = 0', (done) => {
+			updatePermission('edit-other-user-active-status', ['admin']).then(() => {
+				request.post(api('users.deactivateIdle'))
+					.set(credentials)
+					.send({
+						daysIdle: 0,
+						role: testRoleName,
+					})
+					.expect('Content-Type', 'application/json')
+					.expect(200)
+					.expect((res) => {
+						expect(res.body).to.have.property('success', true);
+						expect(res.body).to.have.property('count', 1);
+					})
+					.end(done);
+			});
+		});
+		it('should not deactivate the test user again when given its role and daysIdle = 0', (done) => {
+			updatePermission('edit-other-user-active-status', ['admin']).then(() => {
+				request.post(api('users.deactivateIdle'))
+					.set(credentials)
+					.send({
+						daysIdle: 0,
+						role: testRoleName,
+					})
+					.expect('Content-Type', 'application/json')
+					.expect(200)
+					.expect((res) => {
+						expect(res.body).to.have.property('success', true);
+						expect(res.body).to.have.property('count', 0);
+					})
+					.end(done);
+			});
+		});
+	});
+
 	describe('[/users.requestDataDownload]', () => {
 		it('should return the request data with fullExport false when no query parameter was send', (done) => {
 			request.get(api('users.requestDataDownload'))