]>
Commit | Line | Data |
---|---|---|
906f46d0 C |
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ |
2 | ||
3 | import 'mocha' | |
4 | import { omit } from 'lodash' | |
5 | import { | |
6 | checkBadCountPagination, | |
7 | checkBadSortPagination, | |
8 | checkBadStartPagination, | |
9 | cleanupTests, | |
10 | createSingleServer, | |
11 | killallServers, | |
12 | makeGetRequest, | |
13 | makePostBodyRequest, | |
14 | makePutBodyRequest, | |
15 | MockSmtpServer, | |
16 | PeerTubeServer, | |
17 | setAccessTokensToServers | |
18 | } from '@shared/extra-utils' | |
19 | import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models' | |
20 | ||
21 | describe('Test users admin API validators', function () { | |
22 | const path = '/api/v1/users/' | |
23 | let userId: number | |
24 | let rootId: number | |
25 | let moderatorId: number | |
26 | let server: PeerTubeServer | |
27 | let userToken = '' | |
28 | let moderatorToken = '' | |
29 | let emailPort: number | |
30 | ||
31 | // --------------------------------------------------------------- | |
32 | ||
33 | before(async function () { | |
34 | this.timeout(30000) | |
35 | ||
36 | const emails: object[] = [] | |
37 | emailPort = await MockSmtpServer.Instance.collectEmails(emails) | |
38 | ||
39 | { | |
40 | server = await createSingleServer(1) | |
41 | ||
42 | await setAccessTokensToServers([ server ]) | |
43 | } | |
44 | ||
45 | { | |
46 | const result = await server.users.generate('user1') | |
47 | userToken = result.token | |
48 | userId = result.userId | |
49 | } | |
50 | ||
51 | { | |
52 | const result = await server.users.generate('moderator1', UserRole.MODERATOR) | |
53 | moderatorToken = result.token | |
54 | } | |
55 | ||
56 | { | |
57 | const result = await server.users.generate('moderator2', UserRole.MODERATOR) | |
58 | moderatorId = result.userId | |
59 | } | |
60 | }) | |
61 | ||
62 | describe('When listing users', function () { | |
63 | it('Should fail with a bad start pagination', async function () { | |
64 | await checkBadStartPagination(server.url, path, server.accessToken) | |
65 | }) | |
66 | ||
67 | it('Should fail with a bad count pagination', async function () { | |
68 | await checkBadCountPagination(server.url, path, server.accessToken) | |
69 | }) | |
70 | ||
71 | it('Should fail with an incorrect sort', async function () { | |
72 | await checkBadSortPagination(server.url, path, server.accessToken) | |
73 | }) | |
74 | ||
75 | it('Should fail with a non authenticated user', async function () { | |
76 | await makeGetRequest({ | |
77 | url: server.url, | |
78 | path, | |
79 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
80 | }) | |
81 | }) | |
82 | ||
83 | it('Should fail with a non admin user', async function () { | |
84 | await makeGetRequest({ | |
85 | url: server.url, | |
86 | path, | |
87 | token: userToken, | |
88 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
89 | }) | |
90 | }) | |
91 | }) | |
92 | ||
93 | describe('When adding a new user', function () { | |
94 | const baseCorrectParams = { | |
95 | username: 'user2', | |
96 | email: 'test@example.com', | |
97 | password: 'my super password', | |
98 | videoQuota: -1, | |
99 | videoQuotaDaily: -1, | |
100 | role: UserRole.USER, | |
101 | adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST | |
102 | } | |
103 | ||
104 | it('Should fail with a too small username', async function () { | |
105 | const fields = { ...baseCorrectParams, username: '' } | |
106 | ||
107 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
108 | }) | |
109 | ||
110 | it('Should fail with a too long username', async function () { | |
111 | const fields = { ...baseCorrectParams, username: 'super'.repeat(50) } | |
112 | ||
113 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
114 | }) | |
115 | ||
116 | it('Should fail with a not lowercase username', async function () { | |
117 | const fields = { ...baseCorrectParams, username: 'Toto' } | |
118 | ||
119 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
120 | }) | |
121 | ||
122 | it('Should fail with an incorrect username', async function () { | |
123 | const fields = { ...baseCorrectParams, username: 'my username' } | |
124 | ||
125 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
126 | }) | |
127 | ||
128 | it('Should fail with a missing email', async function () { | |
129 | const fields = omit(baseCorrectParams, 'email') | |
130 | ||
131 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
132 | }) | |
133 | ||
134 | it('Should fail with an invalid email', async function () { | |
135 | const fields = { ...baseCorrectParams, email: 'test_example.com' } | |
136 | ||
137 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
138 | }) | |
139 | ||
140 | it('Should fail with a too small password', async function () { | |
141 | const fields = { ...baseCorrectParams, password: 'bla' } | |
142 | ||
143 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
144 | }) | |
145 | ||
146 | it('Should fail with a too long password', async function () { | |
147 | const fields = { ...baseCorrectParams, password: 'super'.repeat(61) } | |
148 | ||
149 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
150 | }) | |
151 | ||
152 | it('Should fail with empty password and no smtp configured', async function () { | |
153 | const fields = { ...baseCorrectParams, password: '' } | |
154 | ||
155 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
156 | }) | |
157 | ||
158 | it('Should succeed with no password on a server with smtp enabled', async function () { | |
159 | this.timeout(20000) | |
160 | ||
161 | await killallServers([ server ]) | |
162 | ||
163 | const config = { | |
164 | smtp: { | |
165 | hostname: 'localhost', | |
166 | port: emailPort | |
167 | } | |
168 | } | |
169 | await server.run(config) | |
170 | ||
171 | const fields = { | |
172 | ...baseCorrectParams, | |
173 | ||
174 | password: '', | |
175 | username: 'create_password', | |
176 | email: 'create_password@example.com' | |
177 | } | |
178 | ||
179 | await makePostBodyRequest({ | |
180 | url: server.url, | |
181 | path: path, | |
182 | token: server.accessToken, | |
183 | fields, | |
184 | expectedStatus: HttpStatusCode.OK_200 | |
185 | }) | |
186 | }) | |
187 | ||
188 | it('Should fail with invalid admin flags', async function () { | |
189 | const fields = { ...baseCorrectParams, adminFlags: 'toto' } | |
190 | ||
191 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
192 | }) | |
193 | ||
194 | it('Should fail with an non authenticated user', async function () { | |
195 | await makePostBodyRequest({ | |
196 | url: server.url, | |
197 | path, | |
198 | token: 'super token', | |
199 | fields: baseCorrectParams, | |
200 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
201 | }) | |
202 | }) | |
203 | ||
204 | it('Should fail if we add a user with the same username', async function () { | |
205 | const fields = { ...baseCorrectParams, username: 'user1' } | |
206 | ||
207 | await makePostBodyRequest({ | |
208 | url: server.url, | |
209 | path, | |
210 | token: server.accessToken, | |
211 | fields, | |
212 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
213 | }) | |
214 | }) | |
215 | ||
216 | it('Should fail if we add a user with the same email', async function () { | |
217 | const fields = { ...baseCorrectParams, email: 'user1@example.com' } | |
218 | ||
219 | await makePostBodyRequest({ | |
220 | url: server.url, | |
221 | path, | |
222 | token: server.accessToken, | |
223 | fields, | |
224 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
225 | }) | |
226 | }) | |
227 | ||
228 | it('Should fail without a videoQuota', async function () { | |
229 | const fields = omit(baseCorrectParams, 'videoQuota') | |
230 | ||
231 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
232 | }) | |
233 | ||
234 | it('Should fail without a videoQuotaDaily', async function () { | |
235 | const fields = omit(baseCorrectParams, 'videoQuotaDaily') | |
236 | ||
237 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
238 | }) | |
239 | ||
240 | it('Should fail with an invalid videoQuota', async function () { | |
241 | const fields = { ...baseCorrectParams, videoQuota: -5 } | |
242 | ||
243 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
244 | }) | |
245 | ||
246 | it('Should fail with an invalid videoQuotaDaily', async function () { | |
247 | const fields = { ...baseCorrectParams, videoQuotaDaily: -7 } | |
248 | ||
249 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
250 | }) | |
251 | ||
252 | it('Should fail without a user role', async function () { | |
253 | const fields = omit(baseCorrectParams, 'role') | |
254 | ||
255 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
256 | }) | |
257 | ||
258 | it('Should fail with an invalid user role', async function () { | |
259 | const fields = { ...baseCorrectParams, role: 88989 } | |
260 | ||
261 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
262 | }) | |
263 | ||
264 | it('Should fail with a "peertube" username', async function () { | |
265 | const fields = { ...baseCorrectParams, username: 'peertube' } | |
266 | ||
267 | await makePostBodyRequest({ | |
268 | url: server.url, | |
269 | path, | |
270 | token: server.accessToken, | |
271 | fields, | |
272 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
273 | }) | |
274 | }) | |
275 | ||
276 | it('Should fail to create a moderator or an admin with a moderator', async function () { | |
277 | for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { | |
278 | const fields = { ...baseCorrectParams, role } | |
279 | ||
280 | await makePostBodyRequest({ | |
281 | url: server.url, | |
282 | path, | |
283 | token: moderatorToken, | |
284 | fields, | |
285 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
286 | }) | |
287 | } | |
288 | }) | |
289 | ||
290 | it('Should succeed to create a user with a moderator', async function () { | |
291 | const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER } | |
292 | ||
293 | await makePostBodyRequest({ | |
294 | url: server.url, | |
295 | path, | |
296 | token: moderatorToken, | |
297 | fields, | |
298 | expectedStatus: HttpStatusCode.OK_200 | |
299 | }) | |
300 | }) | |
301 | ||
302 | it('Should succeed with the correct params', async function () { | |
303 | await makePostBodyRequest({ | |
304 | url: server.url, | |
305 | path, | |
306 | token: server.accessToken, | |
307 | fields: baseCorrectParams, | |
308 | expectedStatus: HttpStatusCode.OK_200 | |
309 | }) | |
310 | }) | |
311 | ||
312 | it('Should fail with a non admin user', async function () { | |
313 | const user = { username: 'user1' } | |
314 | userToken = await server.login.getAccessToken(user) | |
315 | ||
316 | const fields = { | |
317 | username: 'user3', | |
318 | email: 'test@example.com', | |
319 | password: 'my super password', | |
320 | videoQuota: 42000000 | |
321 | } | |
322 | await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
323 | }) | |
324 | }) | |
325 | ||
326 | describe('When getting a user', function () { | |
327 | ||
328 | it('Should fail with an non authenticated user', async function () { | |
329 | await makeGetRequest({ | |
330 | url: server.url, | |
331 | path: path + userId, | |
332 | token: 'super token', | |
333 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
334 | }) | |
335 | }) | |
336 | ||
337 | it('Should fail with a non admin user', async function () { | |
338 | await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
339 | }) | |
340 | ||
341 | it('Should succeed with the correct params', async function () { | |
342 | await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | |
343 | }) | |
344 | }) | |
345 | ||
346 | describe('When updating a user', function () { | |
347 | ||
348 | it('Should fail with an invalid email attribute', async function () { | |
349 | const fields = { | |
350 | email: 'blabla' | |
351 | } | |
352 | ||
353 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
354 | }) | |
355 | ||
356 | it('Should fail with an invalid emailVerified attribute', async function () { | |
357 | const fields = { | |
358 | emailVerified: 'yes' | |
359 | } | |
360 | ||
361 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
362 | }) | |
363 | ||
364 | it('Should fail with an invalid videoQuota attribute', async function () { | |
365 | const fields = { | |
366 | videoQuota: -90 | |
367 | } | |
368 | ||
369 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
370 | }) | |
371 | ||
372 | it('Should fail with an invalid user role attribute', async function () { | |
373 | const fields = { | |
374 | role: 54878 | |
375 | } | |
376 | ||
377 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
378 | }) | |
379 | ||
380 | it('Should fail with a too small password', async function () { | |
381 | const fields = { | |
382 | currentPassword: 'password', | |
383 | password: 'bla' | |
384 | } | |
385 | ||
386 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
387 | }) | |
388 | ||
389 | it('Should fail with a too long password', async function () { | |
390 | const fields = { | |
391 | currentPassword: 'password', | |
392 | password: 'super'.repeat(61) | |
393 | } | |
394 | ||
395 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
396 | }) | |
397 | ||
398 | it('Should fail with an non authenticated user', async function () { | |
399 | const fields = { | |
400 | videoQuota: 42 | |
401 | } | |
402 | ||
403 | await makePutBodyRequest({ | |
404 | url: server.url, | |
405 | path: path + userId, | |
406 | token: 'super token', | |
407 | fields, | |
408 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
409 | }) | |
410 | }) | |
411 | ||
412 | it('Should fail when updating root role', async function () { | |
413 | const fields = { | |
414 | role: UserRole.MODERATOR | |
415 | } | |
416 | ||
417 | await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) | |
418 | }) | |
419 | ||
420 | it('Should fail with invalid admin flags', async function () { | |
421 | const fields = { adminFlags: 'toto' } | |
422 | ||
423 | await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
424 | }) | |
425 | ||
426 | it('Should fail to update an admin with a moderator', async function () { | |
427 | const fields = { | |
428 | videoQuota: 42 | |
429 | } | |
430 | ||
431 | await makePutBodyRequest({ | |
432 | url: server.url, | |
433 | path: path + moderatorId, | |
434 | token: moderatorToken, | |
435 | fields, | |
436 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
437 | }) | |
438 | }) | |
439 | ||
440 | it('Should succeed to update a user with a moderator', async function () { | |
441 | const fields = { | |
442 | videoQuota: 42 | |
443 | } | |
444 | ||
445 | await makePutBodyRequest({ | |
446 | url: server.url, | |
447 | path: path + userId, | |
448 | token: moderatorToken, | |
449 | fields, | |
450 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
451 | }) | |
452 | }) | |
453 | ||
454 | it('Should succeed with the correct params', async function () { | |
455 | const fields = { | |
456 | email: 'email@example.com', | |
457 | emailVerified: true, | |
458 | videoQuota: 42, | |
459 | role: UserRole.USER | |
460 | } | |
461 | ||
462 | await makePutBodyRequest({ | |
463 | url: server.url, | |
464 | path: path + userId, | |
465 | token: server.accessToken, | |
466 | fields, | |
467 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
468 | }) | |
469 | }) | |
470 | }) | |
471 | ||
472 | after(async function () { | |
473 | MockSmtpServer.Instance.kill() | |
474 | ||
475 | await cleanupTests([ server ]) | |
476 | }) | |
477 | }) |