]>
Commit | Line | Data |
---|---|---|
906f46d0 C |
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ |
2 | ||
c55e3d72 | 3 | import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination, MockSmtpServer } from '@server/tests/shared' |
bbd5aa7e | 4 | import { omit } from '@shared/core-utils' |
c55e3d72 | 5 | import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models' |
906f46d0 | 6 | import { |
906f46d0 | 7 | cleanupTests, |
b379759f | 8 | ConfigCommand, |
906f46d0 C |
9 | createSingleServer, |
10 | killallServers, | |
11 | makeGetRequest, | |
12 | makePostBodyRequest, | |
13 | makePutBodyRequest, | |
906f46d0 C |
14 | PeerTubeServer, |
15 | setAccessTokensToServers | |
bf54587a | 16 | } from '@shared/server-commands' |
906f46d0 C |
17 | |
18 | describe('Test users admin API validators', function () { | |
19 | const path = '/api/v1/users/' | |
20 | let userId: number | |
21 | let rootId: number | |
22 | let moderatorId: number | |
23 | let server: PeerTubeServer | |
24 | let userToken = '' | |
25 | let moderatorToken = '' | |
26 | let emailPort: number | |
27 | ||
28 | // --------------------------------------------------------------- | |
29 | ||
30 | before(async function () { | |
31 | this.timeout(30000) | |
32 | ||
33 | const emails: object[] = [] | |
34 | emailPort = await MockSmtpServer.Instance.collectEmails(emails) | |
35 | ||
36 | { | |
37 | server = await createSingleServer(1) | |
38 | ||
39 | await setAccessTokensToServers([ server ]) | |
40 | } | |
41 | ||
42 | { | |
43 | const result = await server.users.generate('user1') | |
44 | userToken = result.token | |
45 | userId = result.userId | |
46 | } | |
47 | ||
48 | { | |
49 | const result = await server.users.generate('moderator1', UserRole.MODERATOR) | |
50 | moderatorToken = result.token | |
51 | } | |
52 | ||
53 | { | |
54 | const result = await server.users.generate('moderator2', UserRole.MODERATOR) | |
55 | moderatorId = result.userId | |
56 | } | |
57 | }) | |
58 | ||
59 | describe('When listing users', function () { | |
60 | it('Should fail with a bad start pagination', async function () { | |
61 | await checkBadStartPagination(server.url, path, server.accessToken) | |
62 | }) | |
63 | ||
64 | it('Should fail with a bad count pagination', async function () { | |
65 | await checkBadCountPagination(server.url, path, server.accessToken) | |
66 | }) | |
67 | ||
68 | it('Should fail with an incorrect sort', async function () { | |
69 | await checkBadSortPagination(server.url, path, server.accessToken) | |
70 | }) | |
71 | ||
72 | it('Should fail with a non authenticated user', async function () { | |
73 | await makeGetRequest({ | |
74 | url: server.url, | |
75 | path, | |
76 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
77 | }) | |
78 | }) | |
79 | ||
80 | it('Should fail with a non admin user', async function () { | |
81 | await makeGetRequest({ | |
82 | url: server.url, | |
83 | path, | |
84 | token: userToken, | |
85 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
86 | }) | |
87 | }) | |
88 | }) | |
89 | ||
90 | describe('When adding a new user', function () { | |
91 | const baseCorrectParams = { | |
92 | username: 'user2', | |
93 | email: 'test@example.com', | |
94 | password: 'my super password', | |
95 | videoQuota: -1, | |
96 | videoQuotaDaily: -1, | |
97 | role: UserRole.USER, | |
98 | adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST | |
99 | } | |
100 | ||
101 | it('Should fail with a too small username', async function () { | |
102 | const fields = { ...baseCorrectParams, username: '' } | |
103 | ||
104 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
105 | }) | |
106 | ||
107 | it('Should fail with a too long username', async function () { | |
108 | const fields = { ...baseCorrectParams, username: 'super'.repeat(50) } | |
109 | ||
110 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
111 | }) | |
112 | ||
113 | it('Should fail with a not lowercase username', async function () { | |
114 | const fields = { ...baseCorrectParams, username: 'Toto' } | |
115 | ||
116 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
117 | }) | |
118 | ||
119 | it('Should fail with an incorrect username', async function () { | |
120 | const fields = { ...baseCorrectParams, username: 'my username' } | |
121 | ||
122 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
123 | }) | |
124 | ||
125 | it('Should fail with a missing email', async function () { | |
bbd5aa7e | 126 | const fields = omit(baseCorrectParams, [ 'email' ]) |
906f46d0 C |
127 | |
128 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
129 | }) | |
130 | ||
131 | it('Should fail with an invalid email', async function () { | |
132 | const fields = { ...baseCorrectParams, email: 'test_example.com' } | |
133 | ||
134 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
135 | }) | |
136 | ||
137 | it('Should fail with a too small password', async function () { | |
138 | const fields = { ...baseCorrectParams, password: 'bla' } | |
139 | ||
140 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
141 | }) | |
142 | ||
143 | it('Should fail with a too long password', async function () { | |
144 | const fields = { ...baseCorrectParams, password: 'super'.repeat(61) } | |
145 | ||
146 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
147 | }) | |
148 | ||
149 | it('Should fail with empty password and no smtp configured', async function () { | |
150 | const fields = { ...baseCorrectParams, password: '' } | |
151 | ||
152 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
153 | }) | |
154 | ||
155 | it('Should succeed with no password on a server with smtp enabled', async function () { | |
156 | this.timeout(20000) | |
157 | ||
158 | await killallServers([ server ]) | |
159 | ||
b379759f | 160 | await server.run(ConfigCommand.getEmailOverrideConfig(emailPort)) |
906f46d0 C |
161 | |
162 | const fields = { | |
163 | ...baseCorrectParams, | |
164 | ||
165 | password: '', | |
166 | username: 'create_password', | |
167 | email: 'create_password@example.com' | |
168 | } | |
169 | ||
170 | await makePostBodyRequest({ | |
171 | url: server.url, | |
ba2684ce | 172 | path, |
906f46d0 C |
173 | token: server.accessToken, |
174 | fields, | |
175 | expectedStatus: HttpStatusCode.OK_200 | |
176 | }) | |
177 | }) | |
178 | ||
179 | it('Should fail with invalid admin flags', async function () { | |
180 | const fields = { ...baseCorrectParams, adminFlags: 'toto' } | |
181 | ||
182 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
183 | }) | |
184 | ||
185 | it('Should fail with an non authenticated user', async function () { | |
186 | await makePostBodyRequest({ | |
187 | url: server.url, | |
188 | path, | |
189 | token: 'super token', | |
190 | fields: baseCorrectParams, | |
191 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
192 | }) | |
193 | }) | |
194 | ||
195 | it('Should fail if we add a user with the same username', async function () { | |
196 | const fields = { ...baseCorrectParams, username: 'user1' } | |
197 | ||
198 | await makePostBodyRequest({ | |
199 | url: server.url, | |
200 | path, | |
201 | token: server.accessToken, | |
202 | fields, | |
203 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
204 | }) | |
205 | }) | |
206 | ||
207 | it('Should fail if we add a user with the same email', async function () { | |
208 | const fields = { ...baseCorrectParams, email: 'user1@example.com' } | |
209 | ||
210 | await makePostBodyRequest({ | |
211 | url: server.url, | |
212 | path, | |
213 | token: server.accessToken, | |
214 | fields, | |
215 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
216 | }) | |
217 | }) | |
906f46d0 C |
218 | |
219 | it('Should fail with an invalid videoQuota', async function () { | |
220 | const fields = { ...baseCorrectParams, videoQuota: -5 } | |
221 | ||
222 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
223 | }) | |
224 | ||
225 | it('Should fail with an invalid videoQuotaDaily', async function () { | |
226 | const fields = { ...baseCorrectParams, videoQuotaDaily: -7 } | |
227 | ||
228 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
229 | }) | |
230 | ||
231 | it('Should fail without a user role', async function () { | |
bbd5aa7e | 232 | const fields = omit(baseCorrectParams, [ 'role' ]) |
906f46d0 C |
233 | |
234 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
235 | }) | |
236 | ||
237 | it('Should fail with an invalid user role', async function () { | |
238 | const fields = { ...baseCorrectParams, role: 88989 } | |
239 | ||
240 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
241 | }) | |
242 | ||
243 | it('Should fail with a "peertube" username', async function () { | |
244 | const fields = { ...baseCorrectParams, username: 'peertube' } | |
245 | ||
246 | await makePostBodyRequest({ | |
247 | url: server.url, | |
248 | path, | |
249 | token: server.accessToken, | |
250 | fields, | |
251 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
252 | }) | |
253 | }) | |
254 | ||
255 | it('Should fail to create a moderator or an admin with a moderator', async function () { | |
256 | for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { | |
257 | const fields = { ...baseCorrectParams, role } | |
258 | ||
259 | await makePostBodyRequest({ | |
260 | url: server.url, | |
261 | path, | |
262 | token: moderatorToken, | |
263 | fields, | |
264 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
265 | }) | |
266 | } | |
267 | }) | |
268 | ||
269 | it('Should succeed to create a user with a moderator', async function () { | |
270 | const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER } | |
271 | ||
272 | await makePostBodyRequest({ | |
273 | url: server.url, | |
274 | path, | |
275 | token: moderatorToken, | |
276 | fields, | |
277 | expectedStatus: HttpStatusCode.OK_200 | |
278 | }) | |
279 | }) | |
280 | ||
281 | it('Should succeed with the correct params', async function () { | |
282 | await makePostBodyRequest({ | |
283 | url: server.url, | |
284 | path, | |
285 | token: server.accessToken, | |
286 | fields: baseCorrectParams, | |
287 | expectedStatus: HttpStatusCode.OK_200 | |
288 | }) | |
289 | }) | |
290 | ||
291 | it('Should fail with a non admin user', async function () { | |
292 | const user = { username: 'user1' } | |
293 | userToken = await server.login.getAccessToken(user) | |
294 | ||
295 | const fields = { | |
296 | username: 'user3', | |
297 | email: 'test@example.com', | |
298 | password: 'my super password', | |
299 | videoQuota: 42000000 | |
300 | } | |
301 | await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
302 | }) | |
303 | }) | |
304 | ||
305 | describe('When getting a user', function () { | |
306 | ||
307 | it('Should fail with an non authenticated user', async function () { | |
308 | await makeGetRequest({ | |
309 | url: server.url, | |
310 | path: path + userId, | |
311 | token: 'super token', | |
312 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
313 | }) | |
314 | }) | |
315 | ||
316 | it('Should fail with a non admin user', async function () { | |
317 | await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
318 | }) | |
319 | ||
320 | it('Should succeed with the correct params', async function () { | |
321 | await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | |
322 | }) | |
323 | }) | |
324 | ||
325 | describe('When updating a user', function () { | |
326 | ||
327 | it('Should fail with an invalid email attribute', async function () { | |
328 | const fields = { | |
329 | email: 'blabla' | |
330 | } | |
331 | ||
332 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
333 | }) | |
334 | ||
335 | it('Should fail with an invalid emailVerified attribute', async function () { | |
336 | const fields = { | |
337 | emailVerified: 'yes' | |
338 | } | |
339 | ||
340 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
341 | }) | |
342 | ||
343 | it('Should fail with an invalid videoQuota attribute', async function () { | |
344 | const fields = { | |
345 | videoQuota: -90 | |
346 | } | |
347 | ||
348 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
349 | }) | |
350 | ||
351 | it('Should fail with an invalid user role attribute', async function () { | |
352 | const fields = { | |
353 | role: 54878 | |
354 | } | |
355 | ||
356 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
357 | }) | |
358 | ||
359 | it('Should fail with a too small password', async function () { | |
360 | const fields = { | |
361 | currentPassword: 'password', | |
362 | password: 'bla' | |
363 | } | |
364 | ||
365 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
366 | }) | |
367 | ||
368 | it('Should fail with a too long password', async function () { | |
369 | const fields = { | |
370 | currentPassword: 'password', | |
371 | password: 'super'.repeat(61) | |
372 | } | |
373 | ||
374 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
375 | }) | |
376 | ||
377 | it('Should fail with an non authenticated user', async function () { | |
378 | const fields = { | |
379 | videoQuota: 42 | |
380 | } | |
381 | ||
382 | await makePutBodyRequest({ | |
383 | url: server.url, | |
384 | path: path + userId, | |
385 | token: 'super token', | |
386 | fields, | |
387 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
388 | }) | |
389 | }) | |
390 | ||
391 | it('Should fail when updating root role', async function () { | |
392 | const fields = { | |
393 | role: UserRole.MODERATOR | |
394 | } | |
395 | ||
396 | await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) | |
397 | }) | |
398 | ||
399 | it('Should fail with invalid admin flags', async function () { | |
400 | const fields = { adminFlags: 'toto' } | |
401 | ||
402 | await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
403 | }) | |
404 | ||
405 | it('Should fail to update an admin with a moderator', async function () { | |
406 | const fields = { | |
407 | videoQuota: 42 | |
408 | } | |
409 | ||
410 | await makePutBodyRequest({ | |
411 | url: server.url, | |
412 | path: path + moderatorId, | |
413 | token: moderatorToken, | |
414 | fields, | |
415 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
416 | }) | |
417 | }) | |
418 | ||
419 | it('Should succeed to update a user with a moderator', async function () { | |
420 | const fields = { | |
421 | videoQuota: 42 | |
422 | } | |
423 | ||
424 | await makePutBodyRequest({ | |
425 | url: server.url, | |
426 | path: path + userId, | |
427 | token: moderatorToken, | |
428 | fields, | |
429 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
430 | }) | |
431 | }) | |
432 | ||
433 | it('Should succeed with the correct params', async function () { | |
434 | const fields = { | |
435 | email: 'email@example.com', | |
436 | emailVerified: true, | |
437 | videoQuota: 42, | |
438 | role: UserRole.USER | |
439 | } | |
440 | ||
441 | await makePutBodyRequest({ | |
442 | url: server.url, | |
443 | path: path + userId, | |
444 | token: server.accessToken, | |
445 | fields, | |
446 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
447 | }) | |
448 | }) | |
449 | }) | |
450 | ||
451 | after(async function () { | |
452 | MockSmtpServer.Instance.kill() | |
453 | ||
454 | await cleanupTests([ server ]) | |
455 | }) | |
456 | }) |